Hitechanalogy
Home » Apple » Russian Hacker Exploits iOS to Get Free In-App-Purchases without Jailbreaking

Russian Hacker Exploits iOS to Get Free In-App-Purchases without Jailbreaking

Posted by July 15, 2012 • Apple

Hackers are clever enough to find flaws in iOS security system: a Russian hacker, Alexey Borodin, has succeeded to discover a very simple method by exploring exploits in iOS which eventually makes users able to get free iOS apps after bypassing Apple’s In App Purchase process, as  pointed out by 9to5Mac.

in_app_purchase-apple

The technique developed by the hacker to bypass the whole process of In App Purchase does not require jailbreaking; instead it works by installing a pair of certificates on the user’s device and utilizing custom DNS entry. Users can then do in-app purchases normally and automatically be redirected through the hacked system.

The Next Web comments on the method developed by Alexey Borodin, which in fact can’t be disallowed simply by using receipt validation.

All Borodin’s service needs is a single donated receipt, which it can then use to authenticate anyone’s purchase requests. Many of those receipts have been donated by Borodin himself, who has spent several hundred dollars on in-app purchases testing and generating receipts. [...]

Because the bypass emulates the receipt verification server on the App Store, the app treats it as an official communication, period.

Similarly Macworld also posted a brief account on Borodin’s hack, and noted that Borodin is quite able to see users’ App Store account names and passwords, as they are passed on in clear text as a part of the In App Purchase system.

“I can see the Apple ID and password,” for accounts that try the hack, Borodin told Macworld. “But not the credit card information.” Borodin said that he was “shocked” that passwords were passed in plain text and not encrypted.

According to [developer Marco] Tabini, though, “Apple presumes it’s talking to its own server with a valid security certificate.” But that was clearly a mistake—“This is entirely Apple’s fault,” Tabini added.

Apple has also issued its response over the issue while corresponding with  The Loop  and said that the company is well aware of the matter and is exploring the reasons those encourage the hacker to exploit iOS to get free content without going through In App Purchase process.

 “The security of the App Store is incredibly important to us and the developer community, Natalie Harrison, told The Loop. “We take reports of fraudulent activity very seriously and we are investigating.”

To Get Yourself Updated with the Latest & Hottest Tech News, Join Us On Facebook or Follow Us On Twitter or Check Out Our Google+ Account

Post Tags:

  • in app purchase

Related posts:

  1. OS X Mountain Lion Introducing Automatic App Downloads to Mac App Store Purchases Just like iOS
  2. Amazon Selling “iOS Hacker’s Handbook” Edited by MuscleNerd! i0n1c Included in Author List
  3. Top 10 FAQs about iOS Jailbreaking/Jailbreakers and Jailbreaking Tools
  4. Gmail Accounts of Top US Officials & Chinese Activists were Attempted to Hack by Chinese Hacker! Google
  5. iOS Jailbreakers Can Earn $250,000 From Governments By Selling Jailbreak Exploits!
Tags: ,
Facebook Twitter Google Plus
© 2012 Hitechanalogy. All rights reserved.