Malware could turn innocent iTunes Plus users into file-sharers

Summary:Freedom to Tinker raises an interesting concern that malware could be used to turn innocent iTunes Plus (Apple's DRM-free music offering) users into file-sharers.

Freedom to Tinker raises an interesting concern that malware could be used to turn innocent iTunes Plus (Apple's DRM-free music offering) users into file-sharers. 

iTunes Plus
If a file is swiped from a customer’s machine and then distributed, you’ll know where the file came from but you won’t know who is at fault. This scenario is very plausible, given that as many as 10% of the machines on the Net contain bot software that could easily be directed to swipe iTunes files.

This is an interesting scenario, and I'm quite certain that if iTunes Plus takes off, someone somewhere running a bot network will give this a go, if for no other reason than so that he or she can have a good chortle.  But what bothers me more is that files could leak to the P2P networks via other users of a PC (for example, one user on a PC has an iTunes account and gives iTunes Plus a spin, then later another user decides to share these files with a friend or family member who's also into file-sharing ...).

Also, just as I had suspected, there's no integrity check on the validity of the iTunes user name stored in the file:

More interesting than the lack of encryption is the apparent lack of integrity checks on the data. This makes it pretty easy to change the name in a file. Fred predicts that somebody will make a tool for changing the name to “Steve Jobs” or something. Worse yet, it would be easy to change the data in a file to frame an innocent person – which makes the name information pretty much useless for enforcement.

All in all, pretty sloppy on Apple's part, although I'm expecting that the Apple apologists (those who'd be calling for hangings if it was Microsoft doing something like this) will have very good excuses as to why Apple opted to do this. 


Topics: Security, Apple


Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.