Apple Blocks Servers Used for In-App Purchases Hack, Service Still Operational

Posted July 16, 2012 at 1:49pm by iClarified | Please help us and submit a translation by clicking here | 8378 views

Apple has blocked servers used to obtain in-app purchases for free; however, the hacker behind the exploit, Alexey V. Borodin, has managed to keep his service operational, reports TNW.

Blocking the original 'attack' route, Borodin sidestepped the authentication issue by migrating the service to a new server. Apple was able to pressure the host of the original server -- which was located in Russia -- into dropping Borodin's service, but according to the Russian hacker, the new server is hosted in an offshore country in an attempt to evade Apple's legal requests.

Borodin tells us that the new service has been updated and cuts out Apple's servers, "improving" the protocol to include its own authorisation and transaction processes. The new method "can and will not reach the App Store anymore, so the proxy (or caching) feature has been disabled."

The hacker has also updated the service to require that users be signed out of their iTunes account in order to mitigate claims that he is logging user information. "They [the users] need to sign out so they don't scream to the Internet that I am stealing their credentials."

It still appears that apps which properly validate in-app purchase receipts are unaffected by the hack; however, many apps do not do this. Borodin wants Apple to adapt its APIs or place new blocks on its service.

Of course, we recommend users do not use this service but rather continue to support developers with legitimate in-app purchases.

Read More [via TNW]

Add Comment
3abbid - July 16, 2012 at 1:57pm
I already bought the app for 1.99.. I am not paying 19$ for stupid points or stars! I donated for the IAP cracker app, because i love it... They have got support anytime!
Follow iClarified
Samsung Galaxy S6 Edge Plus and Samsung Galaxy Note 5 Leaked [Photos]
Photos of the Samsung Galaxy S6 Edge Plus and...
August Smart Lock Now Works With Your Apple Watch
The August Smart Lock app has been updated to...
First Photos of the iPhone 6s Force Touch Display Leaked?
The first photos of the Force Touch display f...
Apple Watch Fails to Reach Supplier 'Break-Even Volume' of 2 Million Per Month
Apple Broke Off Talks With BMW to 'Explore Developing a Passenger Car on Its Own'