In November 2014, Kaspersky’s researchers warned LinkedIn about a security flaw that could put at risk their 360 million users. This was a big concern at the time because LinkedIn has many people from the business area, and any security flaw that makes it spear phishing easier and efficient to execute.
The big risk is that with a specially crafted spear phishing campaign a crook can steal credentials and most probably gain control of their victim’s assets, doing all this without the need of social engineering.
At the time, LinkedIn fixed the vulnerability and said: “While certain HTML content should be restricted and we have issued a fix and thanked Kaspersky researchers; the likelihood of exploit on popular modern email platforms is unlikely.”
Using the words of SecureList, “Researchers found the vulnerability after noticing escape character differences when posting comments from different devices in various posts. The second alert was a malfunction in the platform’s back-end parser that simply interpreted a CRLF (“Enter” keystroke) to an HTML tag <br />, appending it to the post as text. The two were not connected to each other, but they both raised important questions.”
It is evident that there is the risk to underestimate the security issue and at the same time the crooks could be interested to launch a malicious campaign against the popular platform.
People were puzzled since they couldn’t understand what was going on, but for sure something wasn’t right, investigators could partial imitate the behavior of escape character but they weren’t able to bypass the anti-Cross-site Scripting XSS, but eventually investigators had a breakthrough and discover something:
However, what does this means? Is LinkedIn vulnerable?
To be able to provide an answer to the question let’s make two tests.
Before explaining the tests, keep in mind that every time that you comment a post, you will receive notifications via e-mail when other users reply to the same post.
Now see the same comment, when someone commented a post from the LinkedIn website:
Now when that person does the same comments but from the mobile application:
What does this prove? It proves that LinkedIn was using two different email platforms, and that the one used by the mobile application could be used to deliver a malicious payload.
Another good example how the fixed vulnerability could be exploited at the time.
Now see the same comment when received my mail:
As I said, in the beginning of the article LinkedIn fixed this issue, but crooks use LinkedIn to get valuable information about their victims, so be careful and always keep some tips in mind:
The history can teach us lessons, and avoid future problems, so be careful with the connections you accept, and share your personal/Working details, because that ca be used for good but also for bad, and with the right piece of information, crooks can “open some doors”.
About the Author Elsio Pinto
(Security Affairs – LinkedIn, Spear Phishing)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.