iOS In-App Purchase Hack Will Remain Until iOS 6

A Russian hacker who was able to conjure up an exploit that allowed iPhone and iPad users to steal in-app paid content for free, says that the exploit will remain available until Apple releases iOS 6 in the fall.

On his website, Russian hacker Alexey V. Borodin states that Apple has implemented a fix that he cannot bypass and that he is now turning his attention toward the Mac App Store and OS X.

Apple, according to CNET, has confirmed this to developers in a message.

The in-app purchase hack won’t be thwarted completely until iOS 6 arrives.

While Borodin claims that while the game of cat and mouse is over, he is pleased that the App Store now have better security. However, he does say that the hack will remain operational until Apple releases iOS 6 later on this year.

Apple has not given iOS 6 a release date though it’s expected to arrive sometime near the arrival of the iPhone 5 which is rumored to be in Q4 and possibly in October.

Advertisement

That means that the exploit will be around for a least a couple of months more and it means that some developers, at least those won’t don’t install security measures to insure valid in-app purchases, might be taken advantage of until then.

Last week, Apple started taking steps to take down the operation. Apple first blocked the IP address of the server that Borodin used to authenticate the purchases bought using the hack, the same server that pulled sensitive information from devices of those using the hack. Apple also shut down the original server which has prevented third-party authentication.

It then put a copyright claim on the tutorial video that Borodin used to detail the steps needed to get in-app purchases for free and PayPal put a block on the account that he was using to solicit donations.

However, despite Appleā€™s efforts, the service was able to remain active as Borodin moved the server to an country based off-shore.

Comments

  1. TARIQ ISLAM says

    Well it is not fair with the people working day and night to provide us the good APPS, I believe we should not use this method to support the developers working hard for us to make our life easy.

Leave a Reply