In less than 48 hours Ping netted over one million users. But will its success also become a source of woe for Apple’s new music-focused social networking service?
Ping is barely a week old but spammers and scammers already appear to be bent on drowning out the sweet tunes of the social network built into iTunes 10, according to security experts.
“It certainly didn’t take long for scammers and spammers to hit on Ping,” said Bradley Anstis, vice president of technology strategy for M86 Security.
“Of course this development does not come as a surprise. Ping is a new social network and naturally spammers will try and exploit it to reach as many eyeballs as they can,” he told ITBusiness.ca.
This could mean trouble for many businesses, Anstis said, as many social networking site users tend to access these sites even when they are at work.
M86 did not have any immediate numbers on how many spam or scam messages there are on the site. However, Anstis said that over the weekend he saw on the new site several “win a free iPad or iPhone” type scams that have been popular on Facebook and Twitter.
“It’s as if these scammers just copied their old spam material and brought them over to Ping,” he said.
This was confirmed yesterday by security vendor Sophos, which reported that it has so far not encountered any sophisticated or advanced forms of scams such as clickjacking worms on Ping.
Taking a look at the artist page for singer/songwriter Katy Perry, it didn’t take long to find spam links promising free iPhones in the comments section of several posts. There were also complaints about spam under many of Perry’s other posts, but to Apple’s credit it appears many spamming accounts have already been suspended. Other artist pages had similar spamming problems.
Ping’s misplaced priorities
Scammers will be scammers, and they will flock to sites that offer the low-hanging fruit of numerous users. However, Apple is not entirely blameless, according to M86.
“Apple might have done a better job of taking some precautions,” said Anstis.
For instance, he said, the company appears to be monitoring and moderating photos posted to the site but appears not to be as stringent in filtering for possible spam.
“They have the technology to monitor and filter replies that contain ‘www.’ or ‘http’ which could be an indication of a spam message. But they did not,” Anstis said.
Even though comment spam is relatively common, it’s not clear if Apple is doing more than just manually removing bogus links based on user complaints.
Sophos says Apple has not implemented any form of automated spam or URL filtering in Ping. If correct, Sophos’ claim is a little surprising considering that Apple appears to be filtering profile photos for content.
While obscene or copyright-infringing photos may be a concern, a far more common problem for many blogs, Web sites and larger social networks is filtering comments for spam and malicious URLs. Compounding the spam problem, Sophos says, is that you don’t need to use a credit card or other form of identification to join Ping.
Apple cleans up Ping site
Apple, however, appears to have cleaned up Ping by Tuesday, according to Satnam Naranb, threat analyst for M86.
“To Apple’s credit, they have made efforts to clean up the site. We found that a number of the spam posts seen over the weekend have been pulled out,” he said.
Naranb also said that despite the bad press and possible spam, it’s still a good idea for users to upgrade to iTunes 10, which contains Ping.
“The new iTunes contains 13 fixes for vulnerabilities in iTunes,” he said. The fixes are for the WebKit components used to display previous versions of the iTunes user interface.
If you find comment spam on Ping, you can report it by clicking on “Report” next to the “Show more comments/Hide comments” link on every Ping post.
With notes from Ian Paul