Apple’s Ping a scammers’ haven? Security experts say watch out
Apple’s music-focused social network, Ping, is only a few days old, and already the iTunes-based feature is “drowning in scams and spams,” security researchers say. The scams are nothing too advanced at the moment, and there are no reports of clickjacking worms or other forms of aggressive malware, experts say. But if you’re looking for links to bogus surveys promising free iPhones, iPads and other assorted iDevices, then Ping in iTunes 10 is the social network for you.
Security firm Sophos advises all users to upgrade to iTunes 10 despite the large number of scams you’re likely to come across. The new iTunes contains 13 vulnerability fixes for the WebKit components used to display the previous version of the iTunes user interface, according to Sophos. But, Sophos warns, with the newest iTunes 10 come cautions.
Spam and scam hunting
Taking a look at the artist page for singer/songwriter Katy Perry, it didn’t take long to find spam links promising free iPhones in the comments sections of several posts. There were also complaints about spam under many of Perry’s other posts, but to Apple’s credit it appears many spamming accounts have already been suspended. Other artist pages had similar spamming problems.
Ping’s Misplaced Filtering Priorities
Even though comment spam is relatively common, it’s not clear if Apple is doing more than just manually removing bogus links based on user complaints. Sophos says Apple has not implemented any form of automated spam or URL filtering in Ping. If correct, Sophos’ claim is a little surprising considering that Apple appears to be filtering profile photos for content. While obscene or copyright-infringing photos may be a concern, a far more common problem for many blogs, websites and larger social networks is filtering comments for spam and malicious URLs. Compounding the spam problem, Sophos says, is that you don’t need to use a credit card or other form of identification to join Ping.
If you find comment spam on Ping, you can report it by clicking on “Report” next to the “Show more comments/Hide comments” link on every Ping post.