Hack subverts iOS in-app purchases, lets you get stuff for free

Just when you thought iOS security was super secure, think again. It looks like someone has figured out how to penetrate the iTunes walled garden. A Russian developer by the name of  ZonD80 has published a loophole or trick to bypass Apple’s in-app purchase system, allowing users to “buy” items without paying in iOS. So how is this done, you ask? Well, the only thing that needs to be done is installing a pair of security certificates and then changing the DNS record, which does not require jailbreaking. This maneuver allegedly runs on anything with iOS 3.0 to 6.0.

Wait, before you get all mushy inside, and try to do this to your iPhone, you must first realize something. In order to get this thing rolling, you will compromise some personal stuff such as some device information and user locale. This isn’t totally weird, as it’s the norm when it comes to a developer, but in this case the prospect seems a bit sketchy. The fact that it’s a hack that can manipulate the in-app purchases and grab some of your info, who knows what else this thing is collecting.

Checkout the video demonstration below:

[via 9to5Mac]


Back to top ▴