iOS In-App Purchase Hack Will Remain Until iOS 6
A Russian hacker who developed an exploit that allowed iPhone and iPad users to obtain paid in-app content without paying says that the exploit will remain available until Apple releases iOS 6 in the fall.
On his website, Russian hacker Alexey V. Borodin states that Apple has implemented a fix that he cannot bypass and that he is now turning his attention toward the Mac App Store and OS X.
Apple, according to CNET, has confirmed this to developers in a message.
While Borodin says that the game of cat and mouse is over, he is pleased that the App Store now has better security. However, he does say that the hack will remain operational until Apple releases iOS 6 later this year.
Apple has not given iOS 6 a release date, though it’s expected to arrive around the launch of the iPhone 5, which is rumored to be in Q4 and possibly in October.
That means that the exploit will be around for at least a couple of months more, and it means that some developers, at least those who don’t install security measures to ensure valid in-app purchases, might be taken advantage of until then.
Last week, Apple started taking steps to take down the operation. Apple first blocked the IP address of the server that Borodin used to authenticate the purchases made using the hack, the same server that pulled sensitive information from the devices of those using the hack. Apple also shut down the original server, which has prevented third-party authentication.
It then put a copyright claim on the tutorial video that Borodin used to detail the steps needed to get in-app purchases for free, and PayPal put a block on the account that he was using to solicit donations.
However, despite Apple’s efforts, the service was able to remain active as Borodin moved the server to an offshore country.