Apple's Ping Under Attack!

IT security and control firm Sophos is calling upon users of the new Ping musical social network, created by Apple and built into the new version of iTunes, to be on their guard against scammers and spammers who have deluged the system with fraudulent messages.

Ping, which was only launched this week, is a cross between Facebook and Twitter, giving over 160 million iTunes users the ability to build networks of friends and musicians, and read comments by other fans.

However, Sophos researchers have found that Ping is being overrun by scams and spam messages, some of which try to trick users into believing they will receive a free iPhone if they complete online surveys.

"We're used to survey scams like this being spread far and wide via sites like Facebook, but clearly the lack of filtering on Ping is making it a brand new playground for the bad guys to operate in," said Graham Cluley, Senior Technology Consultant for Sophos. "It's ironic that the most common scams on Ping right now revolve around Apple's own iPhone. It's safe to assume that Ping does incorporate some rudimentary filtering to prevent offensive messages from being posted, so hopefully Apple's security team can extend this to also block scam messages and malicious links. In the meantime, though, Ping users should be wary of believing what they read on the new service."

iTunes seems to be one of the most 'insecure' services around. "For more than a year now, scammers have been racking up unauthorized charges on iTunes accounts, leaving Apple's customers to clean up the mess," reported NetworkWorld. Apple reportedly does nothing to stop such scams.
 
"Tech Crunch and the San Jose Mercury News report that the scam is ongoing -- often draining hundreds of dollars or more from accounts -- but consumers have been complaining about the problem since at least early 2009," reported NetworkWorld.

The website also quoted one affected user. "My iTunes account just got hijacked and someone made about $700 worth of purchases," one Facebook poster wrote Monday. "I contacted Paypal (who was awesome btw, refunded all) and they said Apple has gotten so many attacks since June, they can barely keep up with reporting them all!"
 
Adding a social marketing feature like Ping to a highly insecure service like iTunes is dangerous.

Sophos published research earlier this year demonstrating that there had been a 70% increase in the number of users reporting spam and malware being spread via social networks, a trend which continues to grow.

"As more companies jump on the social networking bandwagon they must think carefully about what they are going to do to make their communities a safe place for users to hang out," continued Cluley. "If they're complacent about these sorts of security risks then users may end up voting with their feet, and find a safer place to spend their online time."

Ping is not a new concept. Adrian Drury, Ovum’s lead media and broadcast analyst, says, "Apple is borrowing from the greatest hits of the pioneers of social content recommendation and discovery for its Ping service. Songbird, Spotify, Last.fm, 7Digital will all recognise elements of their services in this new venture by Apple, but imitation can be a smart strategy."