Click to Skip Ad
Closing in...

iPhone hacker shows the world how to steal in-app purchases [updated]

Updated Dec 19th, 2018 8:29PM EST
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

In Russia, iPhone hacks you! Via 9to5Mac, it seems that a crafty Ruskie hacker who calls himself “ZonD80” has concocted a method that lets even novice hackers get free in-app purchases from the Apple App Store without even having to jailbreak their iPhone. 9to5Mac says that the hacker’s content-stealing method has three steps: “The installation of CA certificate, the installation of in-appstore.com certificate, and the changing DNS record in wi-fi settings.” Once all these steps are complete, the hacker’s in-appstore.com interface takes over and lets users grab content from the App Store without paying.

UPDATE: Apple responded to the security flaw in a statement provided to The Loop. “The security of the App Store is incredibly important to us and the developer community,” an Apple spokeswoman said. “We take reports of fraudulent activity very seriously and we are investigating.”

Amusingly, 9to5Mac also reports that ZonD80 is imploring users to “not pirate AppStore apps” even though his program is designed to do exactly that. 9to5Mac also issues a battle cry to iOS developers to help patch this apparent flaw in the App Store in order to make sure developers keep getting paid for their work. (As an editorial aside: Please don’t steal app developers’ content.)

Read

Brad Reed
Brad Reed Staff Writer

Brad Reed has written about technology for over eight years at BGR.com and Network World. Prior to that, he wrote freelance stories for political publications such as AlterNet and the American Prospect. He has a Master's Degree in Business and Economics Journalism from Boston University.