Apple tries to block in-app purchase hacks, but service continues to run offshore

in-app-hack

Yeah, we knew this was going to happen soon. Apple, faced with hacking issues to its in-app purchase feature on iOS, has resorted to its usual bullying tactics by pressuring the host of the original server (located in Russia) into dropping the service that is housing the hacking maneuver.

What are we talking about, you ask? Well, let’s bring you up to speed. A few days ago, a hack published by Russian developer ZonD80, showed off a trick that allowed users of any iDevice running iOS 3.0+ to ‘purchase’ any kind of in-app content for free. Yes, you heard right. As I explained up top, Apple has tried to combat this intrusion by muscling the hosted server of the Russian hacker who posted this trick on his site.

Apple also spoke out on the issue, sharing the following statement with The Loop:

“The security of the App Store is incredibly important to us and the developer community,” Apple representative Natalie Harrison said. “We take reports of fraudulent activity very seriously and we are investigating.”

Sounds like a win for Apple, right? Wrong. The clever hacker has since set up shop on a new server hosted in an offshore country in an attempt to evade Apple’s legal requests. In simple terms, the guy basically said: screw you, Apple. Dude worked in a new way for users to receive the ability to “purchase” content. Accordong to ZonD80, the updated system cuts out Apple’s servers, “improving” the protocol to include its own authorisation and transaction processes.

I don’t know about you, but this sounds like a major security issue for both Apple and the user. The developer claims he isn’t logging device information — which may or may not be true. Moreover, he’s charging folks for this service that is being financed through a private PayPal account. Sketchy, much? Anyway, if this guy continues, Apple no doubt will pursue him, which in the end might cost him jail time.

[via TNW]

Back to top ▴