LinkedIn has had a rough week, not only were they caught transmitting sensitive calendar data in plain text to their servers from their iOS app, but a recent security breach has also left more than a few passwords exposed.
The optional calendar feature in the iOS app aims to match up attendees with their LinkedIn profiles. The problem is that to do so, the app transmits sensitive contact, time, place, and dial-in meeting details without any kind of hashing (although it is sent over SSL encryption). The worst part is that the guys who found the privacy breach say LinkedIn doesn't even need to do things this way in order to retain calendar sync functionality. LinkedIn has been fairly unapologetic about their implementation of the feature, claiming that unlike Path they don't store any of the meeting information on their servers. Still, they released an update yesterday that removed the transmission of meeting notes of calendar events.
As for the passwords, LinkedIn hasn't offered much information as to how or where the breach occurred, but they've automatically reset the password of affected users. LinkedIn has also pledged to add some extra security measures, such as hashing and salting their current password databases.
Considering their membership is predominantly business professionals, this security hooplah is definitely embarrassing and could cost LinkedIn some hard-to-regain credibility. It's unfortunate that Apple didn't catch LinkedIn's calendar gap through the App Store approval process, but the SSL tunnel might have hidden the lack of salting in SHA-1.
That said, how comfortable are you with the idea that other apps on your iPhone or iPad might be sending your data off somewhere in plain text after you've given them permission to access your calendar? What about contacts? Does iOS need a more granular permissions system? How would you feel if your friends were unwittingly sending off personal information about you to a server from their iPhone without your permission?
(Rene and the folks from Tech News Today discussed this on a podcast yesterday, check it out for more.)
Source: LinkedIn, Skycure, TNW
Super-fast mmWave 5G coming to more countries with iPhone 13, says Kuo
A new report from Apple supply chain analyst Ming-Chi Kuo claims Apple will bring faster mmWave 5G to multiple new countries with iPhone 13, including Japan, Australia, and Canada.
Rumor: Apple TV app coming to Sky Q in the UK
A new rumor on Reddit claims the Apple TV app may be coming to Sky Q in the UK.
Apple's App Store 'breaking at the seams', says former marketing director
Apple's former Sr. Director of Worldwide Product Marketing, Michael Gartenberg, says he hopes Apple "gets its act together soon" in the face of growing reports regarding scam apps on its App Store, which he says appears to be "breaking at the seams".
Quickly charge your new iPhone 12 with these fantastic USB-C wall adapters
The best iPhone 12 chargers will let you charge your iPhone super fast. If you plan on getting any of the newly-released iPhone 12 models, you'll want one of these chargers.