LinkedIn iOS app also vulnerable to plist identity theft

Following the recent findings by Gareth Wright about Facebook iOS app storing authentication keys in a plain text file that is easily accessible even on non-jailbroken devices (allowing it to simply be copied to another device to grant access to that account) we have just discovered the same security flaw is also present in the latest version of LinkedIn iPhone app and you can also easily extract these plist files from iTunes backups.

Using a free app (in this case iExplorer) to browse the contents of your iPhone if you navigate to Apps/LinkedIn/Library/Preferences you will find a file named com.linkedin.LinkedIn.plist and this is the file in question.

Simply copying the com.linkedin.LinkedIn.plist file from one device to another and then relaunching the LinkedIn app will automatically log the user is using the account details from the cloned plist file.

I “nabbed” a copy of Gareth Wright’s LinkedIn plist (he emailed it to me) and dropped it onto my own non-jailbroken iPhone and relaunched LinkedIn.

I was instantly into Gareth’s LinkedIn Profile, I could browse all his personal messages, invitations, contacts, edit his profile and even sent myself an invite to join his network!

Here was my LinkedIn screen prior to copying the plist file over

and here it was after copying the plist and relaunching the app. At no point did it prompt me to re-enter my password or authenticate

I was able to navigate his LinkedIn profile without any issues, view all his messages, invitations, connections and even created an invitation and sent it to myself.

and here is the invitation I received

 

Related posts: No related posts found.

Filed under: Apple, iPhone, Technology, , , , , , , , , , ,

7 Responses to “LinkedIn iOS app also vulnerable to plist identity theft”

  1. LinkedIn also Vulnerable to Plist Theft - Neil Scoopz up login credentials and LinksIn to my account | Gareth Wright - providing Custom professional Website and Print Design says:

    [...] IExplore hopefully developers will pay more attention to where they store sensitive information.See the full details on scoopz blog Categories: BlogComments are closed.Anonymous Google SearchSearch the [...]

    April 7th, 2012 at 8:15 pm

  2. Facebook Mobile Security Hole Allows Identity Theft [Updated] | Gareth Wright - providing Custom professional Website and Print Design says:

    [...] been used to access their account.They do that for the web, why not mobile devices….UPDATE:LinkedIn is also vulnerable Categories: BlogComments are closed.Anonymous Google SearchSearch the [...]

    April 7th, 2012 at 8:25 pm

  3. satish b says:

    Nice find…

    April 9th, 2012 at 6:14 am

  4. Flaw in popular mobile apps exposes users to identity theft « My Web PC Tech says:

    [...] Next Web found that the iOS app for Dropbox also has the flaw, as does the LinkedIn app for iOS, according to Scoopz. The flaw is present in various iOS mobile games, too, according to Wright, which players can [...]

    April 9th, 2012 at 1:11 pm

  5. Flaw in popular mobile apps exposes users to identity theft | ITCS Industry Blog says:

    [...] his findings, The Next Web found that the iOS app for Dropbox also has the flaw, as does the LinkedIn app for iOS, according to Scoopz. The flaw is present in various iOS mobile games, too, according to Wright, [...]

    April 9th, 2012 at 9:18 pm

  6. LinkedIn iPhone app does not expire session on logout | SECURITYLEARN says:

    [...] the authTokens in the plist file is a bad design idea. The problem is well explained in scoopz blog.  In addition to that, LinkedIn does not expire the authTokens even after a user logged out [...]

    August 4th, 2012 at 2:10 pm

  7. LinkedIn iPhone application session expiration vulnerability « SECURITYLEARN says:

    [...] the authTokens in the plist file is a bad design idea. The problem is well explained in scoopz blog.  In addition to that, LinkedIn does not expire the authTokens even after a user logged out [...]

    August 7th, 2012 at 2:58 pm

Leave a Reply

« »