  • Apple's New APIs Prevent In-App Hack


    Alexey Borodin, the Russian hacker responsible for discovering a system that circumvents in-app purchases, recently confirmed that Apple’s newly instituted receipt validation system is in fact effective. In a new blog post titled “It’s all over… for now” on his website, Borodin said that there is no way to bypass the new APIs Apple rolled out late last week as a quick fix for the revenue-stealing exploit, which was made public earlier.

    The exploit, which validated fraudulent purchases by routing them through a specialized DNS server that spoofed digital receipts, was discovered first for the iOS platform and more recently for Mac apps. Apple responded by blocking the IP addresses associated with Borodin’s workaround and attempted to shut down the DNS servers hosting the receipt validations.

    Days later, Apple announced a temporary solution allowing developers to plug the hole and said that a permanent fix would be present in the upcoming iOS 6 mobile operating system. Borodin posted the following on his blog:

    Hello everyone.

    By examining last apple's statement about in-app purchases in iOS 6, I can say, that currently game is over. Currently we have no way to bypass updated APIs. It's a good news for everyone, we have updated security in iOS, developers have their air-money.
    But, service will still remain operational until iOS 6 comes out.

    The another thing is for in-appstore for OS X. We still waiting for apple's reaction and we have some cards in the hand. It's good that OS X is open.

    Apple’s solution leverages receipts which carry a “unique identifier” to validate in-app purchases. The previous system just generated generic receipts with no specific user data attached, therefore allowing for easy spoofed validations. As of right now, it isn’t clear what type of unique identifier is being used, although some are speculating that it could be a proprietary system based on UDID data.
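
    Why binding a receipt to an identifier closes the replay hole can be shown with a small model. This is an added example, not Apple's receipt format or code from the article: the HMAC key, the JSON field names and the device names are all assumptions standing in for the store's real signature and the undisclosed identifier.

```python
import hashlib
import hmac
import json

# Constructed stand-in for the store's signing key; this HMAC only models
# "the receipt was genuinely issued by the store" (assumption, not Apple's scheme).
STORE_KEY = b"constructed-demo-key"


def sign_receipt(fields: dict) -> dict:
    """Model the store issuing a receipt: canonical JSON plus a MAC over it."""
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(STORE_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": tag}


def verify_receipt(receipt: dict, product_id: str, device_id: str) -> str:
    """Return 'ok' or the reason the receipt is rejected."""
    expected = hmac.new(STORE_KEY, receipt["payload"].encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), receipt.get("sig", "").encode()):
        return "bad-signature"
    fields = json.loads(receipt["payload"])
    if fields.get("product_id") != product_id:
        return "wrong-product"
    # The binding check: a receipt with no identifier, or with someone else's,
    # is refused even though its signature is genuine.
    bound_to = fields.get("unique_identifier")
    if bound_to is None:
        return "unbound-receipt"
    if not hmac.compare_digest(str(bound_to).encode(), device_id.encode()):
        return "identifier-mismatch"
    return "ok"


def demo() -> dict:
    """Constructed cases: an old-style generic receipt and a bound one."""
    generic = sign_receipt({"product_id": "coins.100"})  # no user data attached
    bound = sign_receipt({"product_id": "coins.100",
                          "unique_identifier": "device-A"})
    return {
        "generic_on_any_device": verify_receipt(generic, "coins.100", "device-B"),
        "bound_on_own_device": verify_receipt(bound, "coins.100", "device-A"),
        "bound_replayed_elsewhere": verify_receipt(bound, "coins.100", "device-B"),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```

    A verifier that checks only the signature would accept all three receipts; the identifier comparison is what makes one genuine receipt useless on any other device.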

    It isn’t much of a surprise to see such a big issue being responded to so quickly, especially given the sheer number of those affected by a loss in revenue due to the exploit. That being said, many do wonder whether this will turn into another cat-and-mouse game, although this is definitely one Apple will stay on top of as a matter of utmost importance.

    Source: Alexey Borodin (blog)
    This article was originally published in forum thread: Apple's New APIs Prevent In-App Hack, started by Akshay Masand.
    28 Comments
    1. Mrteacup -
      Vodka bears!
    1. Artist701 -
      Mod edit: comment removed
    1. romeoz -
      mod edit, comment removed.
    1. dopeyrat -
      Quote Originally Posted by romeoz View Post
      it not like this is new news....
      Read the forum Rules.
    1. xXR3H@NXx. -
      Good thing this is over.

      Mod edit: Unnecessary comment removed.
    1. mustard05 -
      HAHA, I feel like I should make a comment that should be edited or modified by the admin. I mean, every other comment has been edited. LOL
    1. Agent929 -
      Quote Originally Posted by mustard05 View Post
      HAHA, I feel like I should make a comment that should be edited or modified by the admin. I mean, every other comment has been edited. LOL
      Wow way to ruin the article with all the edits lol
    1. mustard05 -
      Quote Originally Posted by Agent929 View Post
      Wow way to ruin the article with all the edits lol
      Just goes to show you, they(admin) can say whatever they like, but us little people will be edited or modified. Haha
    1. Agent929 -
      Quote Originally Posted by mustard05 View Post
      Just goes to show you, they(admin) can say whatever they like, but us little people will be edited or modified. Haha
      So true lol
    1. xXR3H@NXx. -
      I said good thing it's over but there is a way to get free iaps
    1. mustard05 -
      Quote Originally Posted by xXR3H@NXx. View Post
      I said good thing it's over but there is a way to get free iaps
      That's it? Seriously?
    1. romeoz -
      I just said this is nothing new....
    1. MXCO -
      Quote Originally Posted by romeoz View Post
      I just said this is nothing new.........this site is starting to become a joke...
      +1
    1. mustard05 -
      Quote Originally Posted by romeoz View Post
      I just said this is nothing new.........this site is starting to become a joke...
      I had a post removed earlier this evening on a different post by the Mods. Oh well…. Just laugh and move on. They obviously are having issues.
    1. Hogs4Life -
      Got what I wanted days ago, so did millions. Suck on that Apple!
    1. mustard05 -
      Quote Originally Posted by Hogs4Life View Post
      Got what I wanted days ago, so did millions. Suck on that Apple!
      Why are u here then?? Seriously.
    1. bigray -
      Quote Originally Posted by mustard05 View Post
      Why are u here then?? Seriously.
      We are here to get the latest news. I actually didn't know about the inapp purchase hack until I saw it on here and then google found it for me
    1. kyphur -
      Quick question for anyone who actually used the Russian Hack:

      Is a few free in app purchases really worth the risk allowing a hacker access to your iDevice? Seriously once shutdown those "purchases" won't stick as they're not recorded in Apple's system.
    1. xXR3H@NXx. -
      Quote Originally Posted by mustard05 View Post
      That's it? Seriously?
      Yup and its safe but not all games work but most games and it's a cydia tweak. You wanna know?
    1. H4CK3R -
      Quote Originally Posted by xXR3H@NXx. View Post
      Yup and its safe but not all games work but most games and it's a cydia tweak. You wanna know?
      You aren't allowed to share this stuff on here. Read the rules....

      Good luck getting an infraction if you do lol.