Apple's In-App Purchases Get Hacked [Video]

Apple's In-App Purchases Get Hacked [Video]

Posted by · 31724 views · Translate

A Russian hacker has found a way to obtain in-app purchases from iOS apps for free, without the need for a jailbreak, reports 9to5Mac.

There are three 'simple' steps to the procedure:
● installation of CA certificate
● installation of certificate
● changing DNS record in wi-fi settings
*Note, that in-appstore works only when you connected to Wi-Fi, not Cellular network.

The hack also requires you send information about your transaction through the hacker's server. That information includes: restriction level of app, id of app, id of version, guid of your idevice, quantity of in-app purchase, offer name of in-app purchase, language you are using, identifier of application, version of application, and your locale.

At this point it seems that apps which properly validate in-app purchase receipts are unaffected by the hack; however, it appears that many apps do not do this.

The hacker's service is already down to high traffic. Note, due to high load Service is unstable. Reporting of failed purchases disabled.

We would urge users to continue using in-app purchases as normal and urge developers to make sure their apps validate purchase receipts. For those interested, you can see the hack demonstrated in the video below...

Read More [via 9to5Mac]

Apple's In-App Purchases Get Hacked [Video]

Observer - July 16, 2012 at 1:41pm
These people are pathetic losers... Stealing money from small app developers. You poor ass can't afford 99 cents for a game you want to play for hours and days, but go to Starbucks and pay $5 for cup of coffee. Pathetic morons.
DNA64 - July 15, 2012 at 2:54pm
OR...You could just buy them! :P But seriously this is nothing new, you can obtain in app purchases for many apps for NO CHARGE by simply using iEXPLORER and doing some peeking and poking :P. A perfect example is the Commodore 64 Application. And I blogged about this on my blog and Twitter EONS ago.
King - July 14, 2012 at 5:47pm
This worked for anyone ?
Hhf - July 14, 2012 at 9:55am
To the guy that says this gives hackers bad name Stfu. I bet you've done nothing to contribute or even call ur self a hacker. I say this is great
Haha - July 13, 2012 at 5:48pm
IAPcracker from Cydia's repo has been doing this FOR YEARS.
5 More Comments