Apple Attempting to Block In-App Purchasing Hack

[Phillip Swanson]

Last week a Russian hacker managed to circumvent Apple’s in-app purchase process, potentially costing developers loads of money. Apple doesn’t have a fix, but is actively attempting to shut down the hacker’s operation.

The hack allows users to download in-app purchases free of charge, but as a result the users personal information passes through the hacker’s servers allowing them free access to potentially damaging information. Apple has started the repair and damage control process by blocking the IP address of the server used by the Russian hacker and issuing a copyright claim to have the original video removed from YouTube.

Over the weekend, Apple began blocking the IP address of the server used by Russian hacker Alexey V. Borodin to authenticate purchases.

It followed this up with a takedown request on the original server, taking down third-party authentication with it, also issuing a copyright claim on the overview video Borodin used to document the circumvention method. PayPal also got involved, placing a block on the original donation account for violating its terms of service. — The Next Web

Apple hasn’t released any information or details on when or how a permanent fix will be issued. Until then Borodin, the Russian Hacker, plans to actively support his “service” and attempt to overcome any roadblocks Apple institutes. The quicker the fix, the better devs everywhere will feel.

Source: The Next Web

[lilrican21]

im a dev and i really don't care. that russia hacker did the impossible i give him props of finding a exploit. isnt that what hacking is all about? it's shows that even all the bells and whistles apple is not perfect like they think they are.

[emmanravalo]

OFFTOPIC- Developers... IOS6 BETA 3 IS OUT

[GeoffS4]

im a dev and i really don't care. that russia hacker did the impossible i give him props of finding a exploit. isnt that what hacking is all about? it's shows that even all the bells and whistles apple is not perfect like they think they are.

Why do people create false statements (for others to act on)? For example the above comment, "...is not perfect like they think they are.".

[Awdad724]

im a dev and i really don't care. that russia hacker did the impossible i give him props of finding a exploit. isnt that what hacking is all about? it's shows that even all the bells and whistles apple is not perfect like they think they are.

Just goes to show. Anything and anyone can be hacked. Just takes the right person with enough want to. Maybe it will humble apple a little to keep them on there toes.

[Dazz187s]

I'm a dev and I don't care about anyone else but me. I don't care about anyone or anything, but me.

[*T*]

im a dev and i really don't care. that russia hacker did the impossible i give him props of finding a exploit. isnt that what hacking is all about? it's shows that even all the bells and whistles apple is not perfect like they think they are.

Apple is not a human, but an entity. You are a human. Therefore, when you say "like they think they are," you are stereotyping all Apple employees.

[Richard7812]

What kind of personal initiation do they get from you by using this hack?? Information from your iPod or from your iTunes account???? Will I be traced through my Internet connection and be charged or something? I want to use this hack? Do I make a fake iTunes account? :/

[Senyaichiya]

Apple is not a human, but an entity. You are a human. Therefore, when you say "like they think they are," you are stereotyping all Apple employees.

As a company shouldn't the employees of Apple strive to the same goals? If not I would think it would be total anarchy with a paycheck. Stereotyping here does work at least in my opinion.

[jbardi]

im a dev and i really don't care. that russia hacker did the impossible i give him props of finding a exploit. isnt that what hacking is all about? it's shows that even all the bells and whistles apple is not perfect like they think they are.

Let's see, you are either a liar or a very ameture and inept developer. I'm thinking the truth is somewhere between the two. You are sounding more like a Google or Samsung fanboy trying to gain credibility in your Apple bashing by claiming to be a an iOS developer... Either that or you really are a dev, and because you have no real clue about development other than using glue code, your apps suck and you make no money, so you are bitter. The way I see it, most people on here that claim to be devs are liars. Reason being? Devs tend to be a bit proud of their creations, like they were their children, so they talk about them at every opportunity, wanting to brag and and advertise their app when ever they can, but the liars on here never mention their apps or accomplishments because they have none. So let's try again and be honest this time. You own an Android phone and simply troll the Apple forums, right?

[bigboyz]

Sounds like lilrican21 is hating on Apple. He should care as Apple pays him to develop, not like he is doing it for free. Sounds a bit ignorant in my opinion but its just an opinion. The more the OS gets hacked the more vulnurable and none of us really want an unstable OS do we?? I think not!

[dwizurd]

I think the main issue to this whole topic comes down to morality. While I'm certainly impressed with this hackers ability to crack in-app purchases, I personally am not willing to deprive any dev of their intellectual property and take something which I have not properly paid for. I don't mean this statement to condemn anyone, but I certainly won't condone piracy either. I have too much respect for myself, as well as the work that a lot of these devs put into creating these apps. I only hope that I'm not in the minority as far as this is concerned.

[Gamemaster77]

Let's see, you are either a liar or a very ameture and inept developer. I'm thinking the truth is somewhere between the two. You are sounding more like a Google or Samsung fanboy trying to gain credibility in your Apple bashing by claiming to be a an iOS developer... Either that or you really are a dev, and because you have no real clue about development other than using glue code, your apps suck and you make no money, so you are bitter. The way I see it, most people on here that claim to be devs are liars. Reason being? Devs tend to be a bit proud of their creations, like they were their children, so they talk about them at every opportunity, wanting to brag and and advertise their app when ever they can, but the liars on here never mention their apps or accomplishments because they have none. So let's try again and be honest this time. You own an Android phone and simply troll the Apple forums, right?

I'm not commenting on this particular person, but I wouldn't doubt that many devs wouldn't care too much if their apps got pirated. I know plenty of people that make songs, videos, etc, that have said that they really don't care when their stuff gets pirated. It's not like it was going to be bought in the first place. Some of them even think of it as an accomplishment that their stuff was posted on a pirate website. They like that people thought their product was good enough to do that.

[hank197857]

i'm still wondering how that downloader of pandora music is allowed to continue. cydia all the way!

[lucca567]

I do not support the hacker and I find this "hack" to be unethical and illegal.
However, 99% of the people downloading in-app purchases for free likely wouldn't have bought them in the first place. I may be wrong but just clarifying that I am completely against this "hacker" and I hope he gets in trouble for this.
To everyone else out there, don't use this hack because you never know if Apple is tracing back the UDID's of people using this and also because of moral values. How would you like to have your hard work stolen? Especially when it might be your main source of income.
Feel free to disagree.

[emtee25]

There's been other hacks like this for years and can get them from most repos in Cydia right now.

[scream777]

Breaking news**
This exploit is now covered by obamacare.....

[xhazex9x]

that wont do anything theres still iapfree and iapcracker oh well

[*T*]

I do not support the hacker and I find this "hack" to be unethical and illegal.
However, 99% of the people downloading in-app purchases for free likely wouldn't have bought them in the first place. I may be wrong but just clarifying that I am completely against this "hacker" and I hope he gets in trouble for this.
To everyone else out there, don't use this hack because you never know if Apple is tracing back the UDID's of people using this and also because of moral values. How would you like to have your hard work stolen? Especially when it might be your main source of income.
Feel free to disagree.

You sir, are brilliant.

[lucca567]

You sir, are brilliant.

I do alright.