LinkedIn iOS app also vulnerable to plist identity theft

Following the recent findings by Gareth Wright about Facebook iOS app storing authentication keys in a plain text file that is easily accessible even on non-jailbroken devices (allowing it to simply be copied to another device to grant access to that account) we have just discovered the same security flaw is also present in the latest version of LinkedIn iPhone app and you can also easily extract these plist files from iTunes backups.

Using a free app (in this case iExplorer) to browse the contents of your iPhone if you navigate to Apps/LinkedIn/Library/Preferences you will find a file named com.linkedin.LinkedIn.plist and this is the file in question.

Simply copying the com.linkedin.LinkedIn.plist file from one device to another and then relaunching the LinkedIn app will automatically log the user is using the account details from the cloned plist file.

I “nabbed” a copy of Gareth Wright’s LinkedIn plist (he emailed it to me) and dropped it onto my own non-jailbroken iPhone and relaunched LinkedIn.

I was instantly into Gareth’s LinkedIn Profile, I could browse all his personal messages, invitations, contacts, edit his profile and even sent myself an invite to join his network!

Here was my LinkedIn screen prior to copying the plist file over

and here it was after copying the plist and relaunching the app. At no point did it prompt me to re-enter my password or authenticate

I was able to navigate his LinkedIn profile without any issues, view all his messages, invitations, connections and even created an invitation and sent it to myself.

and here is the invitation I received


Author: Scoopz

Creator of Computer Nerd with a bias towards anything and everything Apple. Petrol head with a 5.0L V10 507bhp 205mph car...and a 4.0L V6 4x4 for the dog...and a 2.0L 25yr stripped out, rolled caged car for the track too. Owner of a giant Bernese Mountain Dog. Proud to be an all-round geek!

12 thoughts on “LinkedIn iOS app also vulnerable to plist identity theft”

  1. So, why is this any different that backing up cookies from the web browser on an iPhone?

    Doesn’t this really just mean you shouldn’t connect your iPhone to an untrusted computer?

    Modern iPhones require confirmation on the phone to allow the backup, which is inaccessible, if your screen is locked, so at best this is only applicable to older iPhones.

Leave a Reply