Apple’s Ping “drowning in scams and spams”
Security firm Sophos has slammed Apple for failing to secure its new Ping social network, claiming the service is sinking in “scams and spams”.
Apple launched iTunes 10 earlier this week, featuring a social network service dubbed Ping. While it looks willing to tackle the might of FaceBook and Twitter, Apple does not appear to have learned from the rival networks’ mistakes.
“Most of the security industry has been pointing out the migration of spam from an email-only venture to blog/forum comments, Facebook, Twitter and other Web 2.0 platforms,” said Sophos senior security analyst Chester Wisniewski in a blog post.
It is no big shock that less than 24 hours after launch, Ping is drowning in scams and spams
“But apparently Apple didn’t consider this when designing Ping, as the service implements no spam or URL filtering. It is no big shock that less than 24 hours after launch, Ping is drowning in scams and spams.”
Apple does have some controls in place, Sophos said, but they were largely directed at what users could post on the site.
“Apple seems to have anticipated a certain degree of malfeasance, as profile pictures that you upload will not appear until approved by Apple,” said Wisniewski. “They are likely filtering for other offensive content as well, so they probably have means in place they could use to stop the spam.”
Ironically, the most common spam on Ping at the moment involves Apple’s own product. The attacks are nearly identical to earlier survey spams on Facebook, Google and Twitter, in which users are asked to fill in online surveys for the chance to win or earn an iPhone.
Most of these scams, said Sophos, simply make money for the scammers, who sell the information from the surveys and are unlikely to send out kit to respondents.
“If half as many free iPads, iPhones and iPods were being given away as Ping comments might lead you to believe, there would be no reason to bother with going to an Apple store,” said Wisniewski.
Apple has not returned a request for comment.