Malware could turn innocent iTunes Plus users into file-sharers

TOPICS: Malware, Apple

Freedom to Tinker raises an interesting concern that malware could be used to turn innocent iTunes Plus (Apple's DRM-free music offering) users into file-sharers. 

If a file is swiped from a customer’s machine and then distributed, you’ll know where the file came from but you won’t know who is at fault. This scenario is very plausible, given that as many as 10% of the machines on the Net contain bot software that could easily be directed to swipe iTunes files.

This is an interesting scenario, and I'm quite certain that if iTunes Plus takes off, someone somewhere running a bot network will give this a go, if for no other reason than so that he or she can have a good chortle.  But what bothers me more is that files could leak to the P2P networks via other users of a PC (for example, one user on a PC has an iTunes account and gives iTunes Plus a spin, then later another user decides to share these files with a friend or family member who's also into file-sharing ...).

Also, just as I had suspected, there's no integrity check on the validity of the iTunes user name stored in the file:

More interesting than the lack of encryption is the apparent lack of integrity checks on the data. This makes it pretty easy to change the name in a file. Fred predicts that somebody will make a tool for changing the name to “Steve Jobs” or something. Worse yet, it would be easy to change the data in a file to frame an innocent person – which makes the name information pretty much useless for enforcement.
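
What an integrity check on the embedded name could look like, as an added example that is not from the original post and does not reproduce Apple's file format: the record layout, `VENDOR_KEY` and the function names are all assumptions. An HMAC binds the purchaser name to the audio bytes so the vendor can detect an edited name, but a byte-for-byte stolen copy still verifies, so the "who is at fault" problem from the first quote remains.

```python
import hashlib
import hmac
import json

# Hypothetical vendor-side key (constructed); it would never ship inside the file.
VENDOR_KEY = b"constructed-demo-key-not-a-real-secret"


def _mac(record: dict, key: bytes) -> str:
    # Canonical encoding so the same fields always serialise to the same bytes.
    body = json.dumps(
        {"purchaser": record["purchaser"], "audio_sha256": record["audio_sha256"]},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make_tag(purchaser: str, audio: bytes, key: bytes = VENDOR_KEY) -> dict:
    """Issue a purchaser tag bound to this exact audio payload."""
    tag = {"purchaser": purchaser, "audio_sha256": hashlib.sha256(audio).hexdigest()}
    tag["mac"] = _mac(tag, key)
    return tag


def verify_tag(tag: dict, audio: bytes, key: bytes = VENDOR_KEY) -> str:
    """Return 'valid', 'tag-altered' or 'audio-mismatch'."""
    try:
        ok = hmac.compare_digest(_mac(tag, key), str(tag["mac"]))
    except (KeyError, TypeError):
        return "tag-altered"          # missing or malformed fields
    if not ok:
        return "tag-altered"          # name or digest edited after issue
    if hashlib.sha256(audio).hexdigest() != tag["audio_sha256"]:
        return "audio-mismatch"       # genuine tag moved onto another file
    return "valid"


def demo() -> dict:
    audio = b"\x00constructed audio bytes\x01" * 4   # constructed sample payload
    tag = make_tag("Alice Example", audio)
    renamed = dict(tag, purchaser="Steve Jobs")      # the edit the quote predicts
    return {
        "original": verify_tag(tag, audio),
        "renamed": verify_tag(renamed, audio),
        "transplanted": verify_tag(tag, b"a different track"),
        # An exact copy taken from the purchaser's machine is indistinguishable.
        "stolen_copy": verify_tag(dict(tag), bytes(audio)),
    }
```
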

All in all, pretty sloppy on Apple's part, although I'm expecting that the Apple apologists (those who'd be calling for hangings if it was Microsoft doing something like this) will have very good excuses as to why Apple opted to do this. 

Thoughts?


Talkback

41 comments
  • Innocent?

    Your title mentions innocent, then goes on to state...

    [B]then later another user decides to share these files with a friend or family member who's also into file-sharing ...[/B]

    Then it's time to smack them upside the head and tell them the difference between right and wrong. File sharing of copyrighted work that you don't own the rights to [B]is WRONG[/B].

    If it's your kids doing the filesharing, maybe it's time to go over right and wrong. If it's your brother, maybe it's time to block access to your music if they can't use it responsibly.

    I don't see the name tag holding up in court because anyone can use a hex editor and modify it to anything. As for bots inside computers, isn't that really widespread today, and since most music exists DRM free (ripped from CDs), the problem would not be any worse than it already is.

    In any case, DRM free music is DRM free for the purchaser's fair use, not a license to put on p2p networks or give away to all your friends.

    TripleII
    • What I mean there ...

      ... is another user with access to the PC, not the same user ...
      Adrian Kingsley-Hughes
      • I do see your point

        especially about the bots. The other user still needs to know/learn that sharing music, just because they can much more easily, is still wrong.

        TripleII
        • I don't think people care all that much

          Most people know it's wrong but do it anyways. So what's that say about society? It's like speeding, everyone knows you shouldn't and it's wrong to speed but most people do speed. Why? Because the chance of getting caught is minimal and the fines if you do get caught are minor. Now with fileswapping you have a better chance of a lottery win worth millions than you do of getting caught. Sure if you get caught the penalties are high but really how many times have you won the millions in the lottery, I know I'm still waiting for that to happen and it's been several decades.

          So here's what we know. We know if a song can be traded easily it will and we also know that CDs still sell, people still listen to radio and attend concerts even if they can get the music for free via the internet. So you can try to battle casual piracy but you will lose or you try to get people to buy music by making it more than just a digital file that anyone can get for free.

          I'm not advocating piracy here, I'm just saying choose your battles. I don't think you can win by attacking casual piracy but I think you can by offering something of value over a plain jane digital file.

          I think of water and how they pulled that off. They offered something better than tap water even if only in perception but not in reality. Now they sell tap water in fancy bottles and people eat it up. I could just as easily fill my own bottle from the tap at home. The tap is just like my internet pipe. What can the music industry do to make music like bottled water?
          voska
          • Water

            [i]What can the music industry do to make music like bottled water?[/i]

            Ah, I see where you're going with this...reverse osmosis is the key to stopping piracy.
            ITguy5678
          • Not like speeding

            Speeding is a relative thing, that may or may not be a bad thing - and most people know this. In terms of safety, someone doing 100 mph on an empty interstate posted at 65 is NOT as dangerous as someone doing the posted 25 mph in a school zone on glare ice. Like I said - relative.

            Theft, however, is not relative. You do it - or you don't. The only grey area is created by those who purchase the one they decide to keep, and dump the ones they 'test' as quickly as possible - a somewhat dark gray, but gray nevertheless.

            Better analogies please! :)
            Freebird54
          • copyright infringement != theft.

            Now you just sound like an RIAA shill.

            Theft deprives a person of the original object. Sharing a digital file, particularly with a friend or family member, is not theft, piracy or copyright infringement.

            Thank god there's those of us who don't live in a country where the government is owned by the media cartels.
            rtk
  • AFAIK

    Both could happen, in case 1, I don't know what's worse, having some songs shared, or what could also happen, have all your personal documents shared over the internet...
    Case 2 is just bad luck, it could only be prevented by ensuring that users of a PC can't have access to each other's directories.

    One thing to consider though is that we're only aware of one watermark in the file, which is also pretty obvious. If there's another one not so easily detectable (which wouldn't surprise me @ all), the consistency check would be very well possible.
    tombalablomba
  • Apple apologists !?!?!?

    Say what Adrian. Here is a big question for you Adrian. How is the Zune and Plays For Sure market doing? Last I heard it was supposed to kill the iPod & iTunes market. Nothing yet. When will Microsoft learn to stop being so stereotypical and for once make something innovative? All I ever hear is how Microsoft is going to take this market and take that market. Get over yourselves you bunch of dinosaurs, the future is here already. Many in the IT community have finally acknowledged that the old way of doing things is no longer appealing. It's time to move the old refuse to the wayside and let the future finally come in.
    Intellihence
    • So ...

      ... is what you are saying that Microsoft should do the same thing? Or not? I can't see how Zune comes into this ...
      Adrian Kingsley-Hughes
      • Not so much.

        It's only sloppy if the user tag on the file is meant to be used for legal measures,
        which it obviously is not, for all the reasons you mention.

        Considering all the overreaction across the net regarding this problem, it would be
        nice if Apple spoke up about what this tag is meant to accomplish, but in no scenario
        can I imagine that it is intended for any legal purpose.
        jerel.krueger@...
        • Then, what's the point?

          Why put any personal data in the file at all, then?

          Or is it meant to mislead the user into believing that he/she now owns the rights to the file and can do what they wish with it?
          Big Scoddie
        • Maybe it WAS meant for legal reasons

          and Apple just did a really incompetent job of implementing it? Remember, this is by the same people who brought you the AppleTV, one of the worst devices to ever be created.

          [i]in no scenario can I imagine that it is intended for any legal purpose.[/i]
          NonZealot
    • Way to prove his point!

      I don't think you could have done it any better if you were actually trying!
      NonZealot
    • set time machine to 1996

      "the future is here already. Many in the IT community have finally acknowledged that the old way of doing things is no longer appealing. It's time to move the old refuse to the wayside and let the future finally come in."

      This was funny and fresh, a decade ago. You need to find some new material.
      rtk
  • So freaking what

    Sorry Adrian, can't get my panties into a twist over this one. So far, none of the evidence that can be gathered by the RIAA seems to hold up in court. They've dropped every single lawsuit where people have refused to settle, and in some cases, they've been ordered to pay legal fees for the person sued.

    This is more of the same, more flimsy evidence that the RIAA could use to send out more extortion demands, but that doesn't have a hope in hell of standing up in court. I'm surprised we haven't yet seen scripts to change all of those tags yet (I predict we will within the next few weeks).

    Your assumption is that these tags are put there solely by Apple for the purpose of preventing filesharing. Are you sure of this? Could Apple have any other reason for doing this (accounting?)?
    tic swayback
    • Accounting???

      it is flimsy at best, and you think they should use it to balance books?

      Madness indeed. The 'watermark' serves no purpose whatsoever. I'm left wondering why Apple bothered.
      mdemuth
      • Exactly right

        [i]The 'watermark' serves no purpose whatsoever. I'm left wondering why Apple bothered.[/i]

        Either Apple is stupid for bothering to do something with no purpose or they are stupid for having a purpose but really, really, really botching it. Can't Apple do anything right? It would appear not.
        NonZealot
        • Can't Apple do anything right?

          Hmm. Marketshare is up. Revenue is up. Net is up. At the top for customer
          satisfaction among computer companies.

          You're right - they just keep botching it.
          msalzberg
          • The MS is even more right!

            OUCH!!!
            NonZealot