A New MobileMe Mess For Apple: User Data Is At Risk

Just when you thought it was safe to use MobileMe, comes the news that your data may be at risk from hackers looking to do no good:

“Apple has reportedly made the service, which provides data syncing between a user’s home computer and an iPhone 3G, easy for hackers to harvest subscribers’ e-mail addresses. According to security researchers, this could lead to a lot more spam and phishing scams.

To exploit MobileMe, hackers can use a Web crawler to sniff users’ public file sharing folder called iDisk to harvest the entire MobileMe user name list, the blog TechCrunch reported Thursday. Once the list is in hand, spammers only have to add @me.com or @mac.com to convert a user name to an e-mail address”

If this is true, that’s a really huge oversight. But this is just a minor annoyance compared to this more serious flaw in MobileMe:

“A far more serious threat is a report earlier this week that Apple encrypts MobileMe login information, but not data that it moves for users over the Web, Eckelberry said. Not using Secure Sockets Layer, cryptographic protocols for secure communications on the Internet places subscribers’ personal data at risk”

Well that’s a show stopper for me. If the product isn’t secure, I won’t use it. Period.

Given this news, and everything else that has gone on with MobileMe, I will not be recommending it to people who ask me about it. It’s now clear to all that Apple cannot get this product to work properly and make it secure. Which is too bad for Apple as the idea is a great one, but the execution quite frankly sucks.

Leave a Reply

%d bloggers like this: