Apple MobileMe Reportedly Vulnerable To Data Loss - InformationWeek

Sniffing public file sharing folders is the latest in a string of problems that have plagued the service, which replaced Apple's .Mac service.

Apple's MobileMe online service, which has been beset with problems since its launch in July, appears to have a new threat -- some user data may be at risk.

Apple has reportedly made it easy for hackers to harvest subscribers' e-mail addresses from the service, which provides data syncing between a user's home computer and an iPhone 3G. According to security researchers, this could lead to a lot more spam and phishing scams.

To exploit MobileMe, hackers can use a Web crawler to sniff each user's public file sharing folder, called iDisk, and harvest the entire MobileMe user name list, the blog TechCrunch reported Thursday. Once the list is in hand, spammers only have to add @me.com or @mac.com to convert a user name to an e-mail address.

Apple was not immediately available for comment on Friday.

Alex Eckelberry, chief executive of security vendor Sunbelt Software, said the vulnerability may be an oversight on Apple's part in designing MobileMe.

"It's a little silly for Apple to set it up this way," he said.

The potential exploit, however, amounts to more of an annoyance for subscribers than a serious threat, since spammers can't gain access to personal information, such as credit card numbers. "The reality is if you're on the Internet, you're open to spamming anyway, and this is just one more way for spammers to get your e-mail address," Eckelberry said.

A far more serious threat is one reported earlier this week: Apple encrypts MobileMe login information, but not the data that it moves for users over the Web, Eckelberry said. Not using Secure Sockets Layer, a cryptographic protocol for secure communications on the Internet, places subscribers' personal data at risk.

"The encryption issue to me is far more serious, and Apple should give it a higher priority to fix," Eckelberry said.

The reported vulnerabilities are the latest of several problems that have plagued the service, which replaced Apple's .Mac service.

Apple chief executive Steve Jobs introduced MobileMe at the Worldwide Developers Conference in San Francisco, alongside the iPhone 3G. MobileMe provides a bundle of storage, calendar, e-mail and photo services, and costs $99 a year.

But from the beginning, MobileMe has had problems with users visiting the service's Web portal Me.com, syncing data and accessing e-mail. The problems have angered subscribers to a point where Apple offered to make amends by giving away 60 days of the service.

In a leaked internal e-mail, Jobs acknowledged that the service was "not up to Apple's standards," and reorganized the management team behind MobileMe.

In a related note, InformationWeek has published its 2008 Strategic Security Survey. The report can be downloaded here (registration required).
