Click to Skip Ad
Closing in...
  1. Best Wireless Charger For iPhone
    13:04 Deals

    3-in-1 wireless charging station for Apple devices is down to $17 at Amazon

  2. Best TV Soundbar
    09:57 Deals

    Did someone make a mistake? There’s no way this soundbar should only cost $49.99

  3. Amazon Best Drone Deals
    11:50 Deals

    Amazon deal drops this top-rated foldable 1080p camera drone to just $49.99

  4. Amazon Echo Auto Price
    08:43 Deals

    Incredible Amazon deal adds hands-free Alexa to any car for $19.99

  5. Amazon Deals
    10:34 Deals

    Today’s best deals: Exclusive Prime-only sale, $50 camera drone, Alexa smart thermos…

Russian hacker battles with Apple to keep in-app purchase exploit alive

Dan Graziano
July 18th, 2012 at 1:30 PM

A Russian hacker named Alexey Borodin recently introduced a program that allowed users to steal in-app purchases from a number of popular apps on Apple’s (AAPL) App Store. It was rather simple to use and only required users to install two security certificates, and change the DNS settings on their devices. The hack worked by placing Borodin’s server in between the device and Apple’s server, where it would intercept incoming purchase requests from the device, WA Today reported. Apple responded by getting the first instructional video removed from YouTube on copyright grounds, although it was quickly replaced with a second video that is still available. The Cupertino-based company also blocked the IP address of the server used by Borodin, convinced the Russian Web host to shut down the service and even worked with PayPal to prevent him from receiving donations.

The hacker has now responded by moving to a new server that is seemingly out of Apple’s reach, and he is now accepting donations through the anonymous service Bitcoin.

Borodin notes that more than 30,000 people have used the exploit and it has become so big that he can no longer pay for the bandwidth required to run it, which is why he is accepting donations. The hacker has even tightened up the exploit so that it no longer interacts with the App Store, making it even harder for Apple to shut down. The hack doesn’t work with all apps, however, only apps that use Apple’s server to validate receipts. As of Apple’s most recent iOS release, iOS 6 developer beta 3, the exploit is still functional.


Popular News