LinkedIn iOS app also vulnerable to plist identity theft

Following the recent findings by Gareth Wright about Facebook iOS app storing authentication keys in a plain text file that is easily accessible even on non-jailbroken devices (allowing it to simply be copied to another device to grant access to that account) we have just discovered the same security flaw is also present in the latest version of LinkedIn iPhone app and you can also easily extract these plist files from iTunes backups.

Using a free app (in this case iExplorer) to browse the contents of your iPhone if you navigate to Apps/LinkedIn/Library/Preferences you will find a file named com.linkedin.LinkedIn.plist and this is the file in question.

Simply copying the com.linkedin.LinkedIn.plist file from one device to another and then relaunching the LinkedIn app will automatically log the user is using the account details from the cloned plist file.

I “nabbed” a copy of Gareth Wright’s LinkedIn plist (he emailed it to me) and dropped it onto my own non-jailbroken iPhone and relaunched LinkedIn.

I was instantly into Gareth’s LinkedIn Profile, I could browse all his personal messages, invitations, contacts, edit his profile and even sent myself an invite to join his network!

Here was my LinkedIn screen prior to copying the plist file over

and here it was after copying the plist and relaunching the app. At no point did it prompt me to re-enter my password or authenticate

I was able to navigate his LinkedIn profile without any issues, view all his messages, invitations, connections and even created an invitation and sent it to myself.

and here is the invitation I received

 

10 Responses to “LinkedIn iOS app also vulnerable to plist identity theft”

  1. LinkedIn also Vulnerable to Plist Theft - Neil Scoopz up login credentials and LinksIn to my account | Gareth Wright - providing Custom professional Website and Print Design says:

    [...] IExplore hopefully developers will pay more attention to where they store sensitive information.See the full details on scoopz blog Categories: BlogComments are closed.Anonymous Google SearchSearch the [...]

  2. Facebook Mobile Security Hole Allows Identity Theft [Updated] | Gareth Wright - providing Custom professional Website and Print Design says:

    [...] been used to access their account.They do that for the web, why not mobile devices….UPDATE:LinkedIn is also vulnerable Categories: BlogComments are closed.Anonymous Google SearchSearch the [...]

  3. satish b says:

    Nice find…

  4. Flaw in popular mobile apps exposes users to identity theft « My Web PC Tech says:

    [...] Next Web found that the iOS app for Dropbox also has the flaw, as does the LinkedIn app for iOS, according to Scoopz. The flaw is present in various iOS mobile games, too, according to Wright, which players can [...]

  5. Flaw in popular mobile apps exposes users to identity theft | ITCS Industry Blog says:

    [...] his findings, The Next Web found that the iOS app for Dropbox also has the flaw, as does the LinkedIn app for iOS, according to Scoopz. The flaw is present in various iOS mobile games, too, according to Wright, [...]

  6. LinkedIn iPhone app does not expire session on logout | SECURITYLEARN says:

    [...] the authTokens in the plist file is a bad design idea. The problem is well explained in scoopz blog.  In addition to that, LinkedIn does not expire the authTokens even after a user logged out [...]

  7. LinkedIn iPhone application session expiration vulnerability « SECURITYLEARN says:

    [...] the authTokens in the plist file is a bad design idea. The problem is well explained in scoopz blog.  In addition to that, LinkedIn does not expire the authTokens even after a user logged out [...]

  8. Carlos Danger says:

    So, why is this any different that backing up cookies from the web browser on an iPhone?

    Doesn’t this really just mean you shouldn’t connect your iPhone to an untrusted computer?

    Modern iPhones require confirmation on the phone to allow the backup, which is inaccessible, if your screen is locked, so at best this is only applicable to older iPhones.

  9. admin says:

    This post is from 2012 when verification to connect to an unsecured computer wasn’t required.

  10. IOS Application Security Part 10 – IOS Filesystem and Forensics : mSecLabs – Mobile Security Labs says:

    […] Plist files may also contain confidential information like usernames or passwords. The important thing to note is that is that anyone can extract a plist file from a device even if its not jailbroken. You can also extract plist files from itunes backup files. Developers over the last few years have stored confidential information in plist files which is not the correct way. A vulnerability was found in the Linkedin IOS app where the developer was storing user authentication information in plist files. You can find more information about it here. […]

Leave a Reply

Protected with IP Blacklist CloudIP Blacklist Cloud