LinkedIn is a business-oriented social networking service. It is mainly used for professional networking. LinkedIn is a directory of professionals and companies. Individuals and companies use LinkedIn for networking, job searching, hiring, company research, and connecting with affiliates, including alumni, industry, and a variety of other business related groups.

Do you really think LinkedIn safe? The Answer is No, because an attacker can see your profile and he can modify the profile. Let’s go to the practical demo. Just you need the android mobile device which has been rooted. If you are not aware how to root an android mobile device please read the previous articles. While rooting mobile you should careful and after rooting to your mobile device your mobile device warranty gone. Now install DroidSheep application in your rooted mobile device.

Proof of concept:

1.Once victim login to the application with his or her email id.

2.After login into the application. The screen shows like this.

3.Now, an attacker can launch the DroidSheep application in his or her rooted mobile device. He or she can do the ARP spoofing from the device.

4.Once an attacker open the site. He or she will get the session id.

Why it is happens? Because the application using the http connection by default. So the attacker can easily get the session of the victim. LinkedIn aware of this issue and they are started working on this from 2013.

People who they want to be secure their communication they can change settings of their account.

See this below helpfull links :

http://help.linkedin.com/app/answers/detail/a_id/6021
https://engineering.linkedin.com/https/default-https