Russian Hacker Figures Out Way to Obtain In-App Purchases for Free

[Phillip Swanson]

A Russian hacker has successfully figured out a method to obtain in-app purchases from iOS apps for free.

The “in-app proxy” method is simple, doesn’t require a jailbreak, and allows users to install in-app content for free. The hack works on all iOS devices 3.0-6.0. We do not condone the stealing of content in any form, and this story, like the 9to5Mac piece, is being written to alert the developer community. The hack is already gaining massive amounts of traction, and hopefully a fix is released soon.

The three-step process involves installing a CA certificate, installing an in-appstore.com certificate, and changing the DNS record.hacker. Once the user completes the process they are met with the message pictured above instead of Apple’s purchase confirmation.

A great deal of information is also processed through the developers servers as part of the process including:

• Restriction level of app
• ID of app
• ID of version
• GUID of your idevice
• Quantity of in-app purchase
• Offer name of in-app purchase
• Language you are using
• Identifier of application
• Version of application
• Your locale

We do not recommend anyone use this process, and we will not provide information on the specifics of the hack. Developers, Apple, fix this. Now.


Source: 9to5Mac

[H4CK3R]

Wow Apple, wow...... -_-

Apple fails at securing stuff like this.

[LittleJob]

this is old news... and i know for a fact he is not the first. i know this site doesn't promote pirated software, but there is a known repo that has had this download for months..

[Senyaichiya]

If you don't condone it then don't write about it...

It's akin to writing a barebones article how to make a IDE and then saying "but don't do it!"

I wouldn't have known about this if not for this post.

[roneraven]

I think I saw something like this the other day.

It didn't look very complicated either

[confucious]

Are people really stupid enough to install stuff from Russian hackers on their phones?

[Glocknine]

Appstore hackable? No way!!! <<<<< that what the apple fanboi brigade will gonna say!!

[bigboyz]

This is a hack site..you promote everything else yet pick and choose what hacks we SHOULD and SHOULD not implement. Heres some matches kid..oh by the way don't set a fire while I leave you alone to play with the matches. SILLY!!

[Home Skillet]

This is like saying "don't look down"...

[H4CK3R]

Appstore hackable? No way!!! <<<<< that what the apple fanboi brigade will gonna say!!

Anything can be hacked. If you don't believe that, then you don't know what hacking is.

[Illmatic636]

This is a hack site..you promote everything else yet pick and choose what hacks we SHOULD and SHOULD not implement. Heres some matches kid..oh by the way don't set a fire while I leave you alone to play with the matches. SILLY!!

+1 on this. Kinda hypocritical IMO.
Basically going against your values and beliefs to get an interesting story out.

[ccoltmanm]

This should not be posted. No information here will lead to people chaning the way they deal with in app purchases because it is an apple/itunes problem.

Way to spread the piracy.

[thazsar]

This is a hack site..you promote everything else yet pick and choose what hacks we SHOULD and SHOULD not implement. Heres some matches kid..oh by the way don't set a fire while I leave you alone to play with the matches. SILLY!!

Don't pull out the 'ban hammer' moderators BUT...

MMI, BigBoss, etc. definitely restrict what kind of tweaks they'll release. I assume it's based off of Sauriks rules. In essence, they will only provide what can safely be installed on your devices instead of letting us choose what we want to do.

For some, that's good!!! For others, well...it's like they created their own Apple App Store w/ a filtering process...

Just thought you all should know!

[mmaboi21]

Those of you who have no self control are probably going to try this... And fail. Makes no difference whether it's posted or not... This is the Internet people! Google anything and you will find it.

[pakitos]

This is a hack site..you promote everything else yet pick and choose what hacks we SHOULD and SHOULD not implement. Heres some matches kid..oh by the way don't set a fire while I leave you alone to play with the matches. SILLY!!

These are exactly my thoughts about this site.

[rukavuda]

Why tell people about it and give the basic terms of what is used if you don't condone it ?

Seems silly mmi

[H4CK3R]

Don't pull out the 'ban hammer' moderators BUT...

MMI, BigBoss, etc. definitely restrict what kind of tweaks they'll release. I assume it's based off of Sauriks rules. In essence, they will only provide what can safely be installed on your devices instead of letting us choose what we want to do.

For some, that's good!!! For others, well...it's like they created their own Apple App Store w/ a filtering process...

Just thought you all should know!

saurik doesn't restrict them, at all. He doesn't support it, but it's not like he can really enforce it since there's thousands of repos out there.

[Simon]

These are exactly my thoughts about this site.

This is a hack site..you promote everything else yet pick and choose what hacks we SHOULD and SHOULD not implement. Heres some matches kid..oh by the way don't set a fire while I leave you alone to play with the matches. SILLY!!

This is a modding site. It is for people that want to mod their device and install things to make their device their own without the limitations Apple puts on their OS. It is not a theft site. Their is a big difference between hacking something to make it the way you like it and hacking something to steal things.

+1 on this. Kinda hypocritical IMO.
Basically going against your values and beliefs to get an interesting story out.

Why tell people about it and give the basic terms of what is used if you don't condone it ?

Seems silly mmi

It is a legimitate story and is on pretty much every idevice site there is today, regardless of their stance on the subject. We are not telling people how to do it or that they should do it. It is just something that is obviously news worthy. When you watch the news on TV and they have news stories about people being murdered does it mean they are telling people to go do the same?

[iGamers]

This is a modding site. It is for people that want to mod their device and install things to make their device their own without the limitations Apple puts on their OS. It is not a theft site. Their is a big difference between hacking something to make it the way you like it and hacking something to steal things.





It is a legimitate story and is on pretty much every idevice site there is today, regardless of their stance on the subject. We are not telling people how to do it or that they should do it. It is just something that is obviously news worthy. When you watch the news on TV and they have news stories about people being murdered does it mean they are telling people to go do the same?

Nicely put, But this hack is a completely new one, there have been similar ones which only work on apps that don't have to communicate with a server to verify the app purchase, well at least that's what I believe, however I wouldn't trust this new hack for all the people contemplating trying it, you don't know what other information your sending, it says above you send your location, maybe you also send your apple ID and password, these no telling what other information is being transferred

[AUZambo]

This is a hack site..you promote everything else yet pick and choose what hacks we SHOULD and SHOULD not implement. Heres some matches kid..oh by the way don't set a fire while I leave you alone to play with the matches. SILLY!!

You couldn't be more wrong. There is absolutely nothing illegal or even wrong about jailbreaking a phone, and the US government has even said so. Jailbreaking a phone is no different than modifying a sports car with a 550 HP engine instead of the 350 HP factory engine. Now if you choose to use that stronger engine to tear up the interstate at 150 MPH then you're doing illegal stuff...but nothing is wrong with having the stronger engine.

Likewise, jailbreaking a phone is nothing more than personalizing a device you own. Now if you use the jailbreak or any other hack to illegally download or install items that should be paid for then you are in the wrong.

Next time you get a speeding ticket you should sue the manufacturer of your car because they gave you the ability to drive so fast.