Russian Hacker Exploits iOS to Get Free In-App-Purchases without Jailbreaking
Hackers are clever enough to find flaws in the iOS security system: a Russian hacker, Alexey Borodin, has discovered a very simple method, based on exploits in iOS, that lets users get free iOS apps by bypassing Apple’s In App Purchase process, as pointed out by 9to5Mac.
The technique developed by the hacker to bypass the whole In App Purchase process does not require jailbreaking; instead, it works by installing a pair of certificates on the user’s device and using a custom DNS entry. Users can then make in-app purchases normally and are automatically redirected through the hacked system.
The Next Web comments on the method developed by Alexey Borodin, which in fact cannot be blocked simply by using receipt validation:
All Borodin’s service needs is a single donated receipt, which it can then use to authenticate anyone’s purchase requests. Many of those receipts have been donated by Borodin himself, who has spent several hundred dollars on in-app purchases testing and generating receipts. [...]
Because the bypass emulates the receipt verification server on the App Store, the app treats it as an official communication, period.
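The reuse of one donated receipt for many users' requests is a pattern that a developer's own backend can flag. The sketch below is an added example, not code from Apple, Borodin or the articles cited here; it assumes purchase requests reach a developer-run server carrying an account identifier and the receipt as an opaque blob, and the class, function and field names are hypothetical.

```python
import hashlib
from collections import defaultdict


class ReceiptReuseDetector:
    """Binds each receipt to the first account that presents it."""

    def __init__(self):
        self._owner = {}                    # receipt fingerprint -> first account
        self._rejected = defaultdict(set)   # receipt fingerprint -> other accounts

    @staticmethod
    def fingerprint(receipt_blob: bytes) -> str:
        # Hash the opaque blob; this sketch does not parse the receipt format.
        return hashlib.sha256(receipt_blob).hexdigest()

    def check(self, account_id: str, receipt_blob: bytes) -> bool:
        """Return True to grant content, False if another account owns the receipt."""
        fp = self.fingerprint(receipt_blob)
        owner = self._owner.setdefault(fp, account_id)
        if owner == account_id:
            return True          # first use, or the same account restoring
        self._rejected[fp].add(account_id)
        return False

    def shared_receipts(self, min_accounts: int = 2):
        """Fingerprints refused for at least min_accounts distinct other accounts."""
        return {fp: sorted(accts) for fp, accts in self._rejected.items()
                if len(accts) >= min_accounts}


# Constructed sample traffic: (account id, receipt blob). Not real receipts.
SAMPLE_REQUESTS = [
    ("alice", b"constructed-receipt-A"),
    ("bob",   b"constructed-receipt-B"),
    ("alice", b"constructed-receipt-A"),   # same account again: allowed
    ("carol", b"constructed-receipt-A"),   # different account, same receipt
    ("dave",  b"constructed-receipt-A"),
    ("erin",  b"constructed-receipt-A"),
]


def scan(requests):
    """Run the detector over a request list; return (verdicts, shared receipts)."""
    detector = ReceiptReuseDetector()
    verdicts = [detector.check(acct, blob) for acct, blob in requests]
    return verdicts, detector.shared_receipts()


if __name__ == "__main__":
    verdicts, shared = scan(SAMPLE_REQUESTS)
    for (acct, _), ok in zip(SAMPLE_REQUESTS, verdicts):
        print(f"{acct:6} {'granted' if ok else 'refused'}")
    for fp, accts in shared.items():
        print(f"receipt {fp[:12]} refused for {accts}")
```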
Similarly, Macworld posted a brief account of Borodin’s hack and noted that Borodin is able to see users’ App Store account names and passwords, as they are passed in clear text as part of the In App Purchase system.
“I can see the Apple ID and password,” for accounts that try the hack, Borodin told Macworld. “But not the credit card information.” Borodin said that he was “shocked” that passwords were passed in plain text and not encrypted.
According to [developer Marco] Tabini, though, “Apple presumes it’s talking to its own server with a valid security certificate.” But that was clearly a mistake—“This is entirely Apple’s fault,” Tabini added.
Apple has also responded to the issue in a statement to The Loop, saying that the company is well aware of the matter and is investigating the exploit of iOS used to get free content without going through the In App Purchase process.
“The security of the App Store is incredibly important to us and the developer community,” Natalie Harrison told The Loop. “We take reports of fraudulent activity very seriously and we are investigating.”