  • Apple's New APIs Prevent In-App Hack


    Alexey Borodin, the Russian hacker responsible for discovering a system that circumvents in-app purchases, recently confirmed that Apple’s newly instituted receipt validation system is in fact effective. In a new blog post titled “It’s all over… for now” on his website, Borodin said that there is no way to bypass the new APIs Apple rolled out late last week as a quick fix for the revenue-stealing exploit which was made public earlier.

    The exploit, which validated fraudulent purchases by routing them through a specialized DNS server that spoofed digital receipts, was discovered first for the iOS platform and more recently for Mac apps. Apple responded by blocking the IP addresses associated with Borodin’s workaround and attempted to shut down the DNS servers hosting the receipt validations.

    Days later, Apple announced a temporary solution allowing developers to plug the hole, and said that a permanent fix would be present in the upcoming iOS 6 mobile operating system. Borodin posted the following on his blog:

    Originally posted by Alexey Borodin:
    Hello everyone.

    By examining last Apple's statement about in-app purchases in iOS 6, I can say, that currently game is over. Currently we have no way to bypass updated APIs. It's a good news for everyone, we have updated security in iOS, developers have their air-money.
    But, service will still remain operational until iOS 6 comes out.

    The another thing is for in-appstore for OS X. We still waiting for Apple's reaction and we have some cards in the hand. It's good that OS X is open.

    Apple’s solution leverages receipts which carry a “unique identifier” to validate in-app purchases. The previous system just generated generic receipts with no specific user data attached, which made spoofed validations easy. As of right now, it isn’t clear what type of unique identifier is being used, although some are speculating that it could be a proprietary system based on UDID data.
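
An added illustration (not Apple's code and not from the original article) of why a receipt carrying a unique identifier resists the replay that a generic receipt allows. The receipt layout, the HMAC standing in for the store's signature, and the names `device_id`, `issue_receipt`, `validate_generic` and `validate_bound` are all assumptions, since the article notes the real identifier is not known.

```python
import hashlib
import hmac
import json

STORE_KEY = b"constructed-demo-key"  # stand-in for the store's signing key


def issue_receipt(product_id, transaction_id, device_id=None):
    """Store side: sign a receipt. device_id is the assumed unique identifier."""
    body = {"product_id": product_id, "transaction_id": transaction_id}
    if device_id is not None:
        body["device_id"] = device_id
    payload = json.dumps(body, sort_keys=True)
    sig = hmac.new(STORE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def signature_ok(receipt):
    expected = hmac.new(STORE_KEY, receipt["payload"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, receipt["sig"])


def validate_generic(receipt, product_id):
    """Old-style check: any genuine receipt for the product unlocks it."""
    if not signature_ok(receipt):
        return False
    return json.loads(receipt["payload"]).get("product_id") == product_id


def validate_bound(receipt, product_id, requesting_device):
    """New-style check: the receipt must also name the device presenting it."""
    if not validate_generic(receipt, product_id):
        return False
    # A receipt with no identifier, or one issued to another device, is refused.
    device = json.loads(receipt["payload"]).get("device_id")
    return device is not None and device == requesting_device


def demo():
    # Constructed sample receipts; "device-A" and "device-B" are made-up identifiers.
    generic = issue_receipt("coins_100", "tx-0001")
    bound = issue_receipt("coins_100", "tx-0002", device_id="device-A")
    return {
        "generic, old check": validate_generic(generic, "coins_100"),
        "generic, new check": validate_bound(generic, "coins_100", "device-B"),
        "bound, owner": validate_bound(bound, "coins_100", "device-A"),
        "bound, other device": validate_bound(bound, "coins_100", "device-B"),
    }
```

Because the identifier sits inside the signed payload, editing it to match another device invalidates the signature, so the bound check fails either way.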

    It isn’t much of a surprise to see such a big issue being responded to so quickly, especially given the sheer number of those affected by a loss in revenue due to the exploit. That being said, many do wonder if this will turn into another cat-and-mouse game, although this is definitely one Apple will treat with the utmost importance and try to stay on top of.

    Source: Alexey Borodin (blog)
    This article was originally published in forum thread: Apple's New APIs Prevent In-App Hack, started by Akshay Masand
    28 Comments
      mustard05 -
      I still love how the ModMyi police lets these articles be written, but then warns, restricts, edits, modifies, or basically tries anything and everything under the sun to "uphold the rules", except remove the thread.

      Quote Originally Posted by bigray View Post
      We are here to get the latest news. I actually didn't know about the in-app purchase hack until I saw it on here and then Google found it for me
      I didn't either. I'm still surprised the story was true and not an unconfirmed rumor. Haha
      Agent929 -
      Quote Originally Posted by H4CK3R View Post
      You aren't allowed to share this stuff on here. Read the rules....

      Good luck getting an infraction if you do lol.
      He probably used it to get the ads removed from the modmyi app lol
      Hogs4Life -
      Quote Originally Posted by mustard05 View Post
      Why are u here then?? Seriously.
      Because I can be?

      I only use MMi for ****** news on a very rare occasion, and to browse the Themes section and then use certain unnamed cracked versions of the themes I want to use. Oh and same for tweaks too.

      Other than that I don't use this site, jailbreak/hacking news, and a few phone tweaks.

      87 posts since May of 2008 should give that away...hackers make cracked Apps just like hackers make jailbreaking possible. Same damn thing.
      Agent929 -
      Quote Originally Posted by Hogs4Life View Post
      Because I can be?

      I only use MMi for ****** news on a very rare occasion, and to browse the Themes section and then use certain unnamed cracked versions of the themes I want to use. Oh and same for tweaks too.

      Other than that I don't use this site, jailbreak/hacking news, and a few phone tweaks.

      87 posts since May of 2008 should give that away...hackers make cracked Apps just like hackers make jailbreaking possible. Same damn thing.
      And technically you're not breaking any laws by pirating their software since it's not technically copyrighted at all lol
      H4CK3R -
      Quote Originally Posted by Hogs4Life View Post
      Because I can be?

      I only use MMi for ****** news on a very rare occasion, and to browse the Themes section and then use certain unnamed cracked versions of the themes I want to use. Oh and same for tweaks too.

      Other than that I don't use this site, jailbreak/hacking news, and a few phone tweaks.

      87 posts since May of 2008 should give that away...hackers make cracked Apps just like hackers make jailbreaking possible. Same damn thing.
      This is the kinda stuff that makes the jailbreaking community just wrong. People obviously don't understand the point of it.
      donpavle -
      what game is behind on that picture?
      kyphur -
      Quote Originally Posted by Hogs4Life View Post
      hackers make cracked Apps just like hackers make jailbreaking possible. Same damn thing.
      You sir are ignorant as to what exactly a hacker is and who "cracks" apps.

      Hackers are computer hobbyists/enthusiasts who try to see exactly what they can do with the hardware/software. When they do crack software it isn't to distribute but rather to figure out how to do it. Jailbreaking (and Rooting Android devices) is legal because it simply gives us greater access to the devices & software we legally purchased.

      Computer Criminals don't crack & distribute software for the common good. They do it to purposely violate the Law.

      Do not insult the Dev Team and real hackers by calling criminals hackers.

      It is people like you who give Jailbreaking a bad reputation. Nice to know that you deprivation e members of the JB Community as well though...
      mustard05 -
      Yay, the MMi police didn't edit my comments. I Cannot be silenced. Lol