Linkedin iOS app V 6_1_2 HTML message parsing vulnerability

LinkedIn iOS app parses HTML in the messages, and this can be used to phish for credentials or be escalated into a full blown attack.

Senior CyberSecurity Specialist Zouheir Abdallah @ZuZ (Twitter handle), has publicly and responsibly disclosed a vulnerability in LinkedIn’s mobile app. Zouheir is known for reporting a serious vulnerability in DropBox’s 2 Factor Authentication back in July 2013.

LinkedIn’s vulnerability lies in the messaging feature of LinkedIn’s mobile app, that parses HTML code, which could have serious impact on LinkedIn‘s users. A proof of concept was made and submitted to LinkedIn in September 2013 and the App was patched in October 2013. One possible attack vector is using this vulnerability to phish users of LinkedIn’s mobile app.

The details of this attack can be found in the attached PDF document, below the proof of concept.

Send a message to a user with the following content

Hey, Can you please view my LinkedIn profile and endorse me! Thanks! I appreciate it!
<a href=”InsertPhishingSiteHere.com”>
qa.linkedin.com/in/zouheirabdallah</a>
regards,

The phishing site can be a replica of LinkedIn and tricks the victim into giving out his username and password.
The iOS app will display the url without the hyperlink embedded in the HTML a href , and the receiver of the message will not even know that he is being redirected to a malicious site. This attack can be used against LinkedIn too by claiming that LinkedIn requires re-authentication to view some article on LinkedIn. This attack could also work on different devices such as Android and Blackberry, but he couldn’t test as he didn’t have other handsets at hand.

LinkedIn doesn’t have a security bounty neither a Hall Of Fame, nevertheless he received a symbolic token of a shirt, mug, and a thank you note from LinkedIn’s security team.

Zouheir Abdallah

Pierluigi Paganini

(Security Affairs – LinkedIn, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.