Ping be Spammed!
Apple’s new social network is called Ping. It’s built into iTunes and is a sort of musical Facebook: “There’s no better way to discover new music than to find out what your friends are listening to. Ping gives you even more insight into your friends’ musical tastes through profile pages.”
But like Google’s Buzz, it might have been rushed out a bit too soon with a bit too little thought for the bad guys. Google cocked up on privacy issues; Apple has cocked up on its spam filtering. Sophos researchers have found that Ping is being overrun by scams and spam messages, some of which try to lead users to believe they will receive a free iPhone if they complete online surveys.
We’re used to survey scams like this being spread far and wide via sites like Facebook, but clearly the lack of filtering on Ping is making it a brand new playground for the bad guys to operate in. It’s ironic that the most common scams on Ping right now revolve around Apple’s own iPhone. It’s safe to assume that Ping does incorporate some rudimentary filtering to prevent offensive messages from being posted, so hopefully Apple’s security team can extend this to also block scam messages and malicious links. In the meantime, though, Ping users should be wary of believing what they read on the new service.
Graham Cluley, senior technology consultant for Sophos
Chet Wisniewski, also of Sophos, agrees that Apple should be able to improve things:
Strangely, Apple seems to have anticipated a certain degree of malfeasance, as profile pictures that you upload will not appear until approved by Apple [approved by Apple? Now that’s a unique idea]. They are likely filtering for other offensive content as well, so they probably have means in place they could use to stop the spam. Another problem that is likely to contribute to spam is that it is quite easy to create bogus accounts for the Ping service because no credit card or other positive identification is required to participate.
Chet Wisniewski’s blog