Apple Fighting In-App Purchase Hack
It appears that Apple has begun taking steps to combat the in-app purchase hack that has plagued some iOS apps since last week. However, the service still remains functional, even after the company’s measures.
According to The Next Web, Apple has taken steps to shut down the in-app purchase hack that was unleashed for the iPhone, iPad and iPod touch. The hack, created by Russian hacker Alexey V. Borodin, allows users to get in-app paid content for free using just a few easy steps.
Apple had said that it was investigating the issue and it appears that the company has taken some initial steps to combat the problem.
Over the weekend, Apple blocked the IP address of the server that Borodin used to authenticate the purchases bought using the hack, the same server that pulled sensitive information from devices of those using the hack. Apple also apparently shut down the original server which has prevented third-party authentication.
Apple also put a copyright claim on the tutorial video that Borodin used to detail the steps needed to get in-app purchases for free and PayPal put a block on the account that he was using to solicit donations.
Despite Apple’s efforts, the service remains active as Borodin has seemingly moved the server to an country based off-shore. Apple was able to get the original servers shut down by pressuring the hosting companies in Russia.
Apple has apparently not contacted Borodin directly, even as he tries to stay one step ahead of the company trying to snuff out his service.
Borodin’s new method may prove a little more tricky for Apple as it’s not only using off-shore servers, but it’s also cut out Apple’s servers and uses its own authentication and transaction process.
Thus far, Borodin’s hack has seen more than 30,000 requests for in-app payments which means that iDevice users are using the hack, despite all of the warnings.
Users should be aware that there are both legal and privacy concerns swirling about and we advise owners of the iPhone, iPad and iPod touch to avoid using the hack now and in the future.