Spam, Scams Putting A Ding In Apple's Ping
Apple unveiled Ping on Wednesday at a music event in San Francisco. Ping, available in iTunes 10, lets users create profiles, find and follow friends and artists and share their music tastes with others. At the event, Apple CEO Steve Jobs called Ping a combination of Facebook, Twitter and iTunes and said it is a "social network all about music."
But security software vendor Sophos said that Ping is a breeding ground for spam and for spammers, much like its social networking brethren.
"Most of the security industry has been pointing out the migration of spam from an email-only venture to blog/forum comments, Facebook, Twitter and other Web 2.0 platforms. But apparently Apple didn't consider this when designing Ping, as the service implements no spam or URL filtering. It is no big shock that less than 24 hours after launch, Ping is drowning in scams and spams," Sophos researcher Chester Wisniewski wrote in a blog post warning of Ping security issues.
Sophos charges that Ping is open for anyone to leave spam disguised as comments or links to potential scams. And while Ping is ripe for the picking, Sophos said Apple did anticipate other issues with its new iTunes-based social network.
"Strangely, Apple seems to have anticipated a certain degree of malfeasance, as profile pictures that you upload [to Ping] will not appear until approved by Apple." Wisniewski wrote. "They are likely filtering other offensive content as well, so they probably have means in place they could use to stop the spam."
Despite Apple's potential to stop the spam, Sophos highlighted another glaring vulnerability that could open the door to spammers.
"Another problem that is likely to contribute to spam is that it is quite easy to create bogus accounts for the Ping service because no credit card or other positive identification is required to participate."
Currently, it appears Apple is the prime target of Ping spammers, as survey spam similar to those on Facebook, Google and Twitter have appeared offering free iPads, iPods and iPhones to users who take the survey. Sophos warned that such surveys should always be avoided.
"If half as many free iPads, iPhones and iPods were being given away as Ping comments might lead you to believe, there would be no reason to bother with going to an Apple store," Wisniewski quipped. "But if you actually want an Apple device, my advice is to go out and buy one, as filling out surveys will likely only end in tears."