June 21, 2024
Apple's In-App Purchases Get Hacked [Video]

Apple's In-App Purchases Get Hacked [Video]

Posted July 13, 2012 at 3:31pm by iClarified
A Russian hacker has found a way to obtain in-app purchases from iOS apps for free, without the need for a jailbreak, reports 9to5Mac.

There are three 'simple' steps to the procedure:
● installation of CA certificate
● installation of in-appstore.com certificate
● changing DNS record in wi-fi settings
*Note, that in-appstore works only when you connected to Wi-Fi, not Cellular network.

The hack also requires you send information about your transaction through the hacker's server. That information includes: restriction level of app, id of app, id of version, guid of your idevice, quantity of in-app purchase, offer name of in-app purchase, language you are using, identifier of application, version of application, and your locale.

At this point it seems that apps which properly validate in-app purchase receipts are unaffected by the hack; however, it appears that many apps do not do this.

The hacker's service is already down to high traffic. Note, due to high load Service is unstable. Reporting of failed purchases disabled.

We would urge users to continue using in-app purchases as normal and urge developers to make sure their apps validate purchase receipts. For those interested, you can see the hack demonstrated in the video below...

Read More [via 9to5Mac]

Apple's In-App Purchases Get Hacked [Video]
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
iClarified Icon
Would you like to be notified when we post a new Apple news article or tutorial?
Comments (9)
You must login or register to add a comment...
DNA64 - July 15, 2012 at 2:54pm
OR...You could just buy them! :P But seriously this is nothing new, you can obtain in app purchases for many apps for NO CHARGE by simply using iEXPLORER and doing some peeking and poking :P. A perfect example is the Commodore 64 Application. And I blogged about this on my blog and Twitter EONS ago.
King - July 14, 2012 at 5:47pm
This worked for anyone ?
Hhf - July 14, 2012 at 9:55am
To the guy that says this gives hackers bad name Stfu. I bet you've done nothing to contribute or even call ur self a hacker. I say this is great
Haha - July 13, 2012 at 5:48pm
IAPcracker from Cydia's repo cydia.xsellize.com has been doing this FOR YEARS.
qw1987 - July 14, 2012 at 2:09am
Except that APcracker required that you be Jailbroken
Jeff - July 13, 2012 at 5:00pm
As usual, 99% of hackers give the other 1% a bad name.
joyz - July 13, 2012 at 3:56pm
Like I'm gona send my confidential info to some dodgy chechens !
joyz - July 13, 2012 at 3:52pm
Hope apple are aware of this...
Prudhvi - July 13, 2012 at 3:43pm
Jailbreak n install iapcracker ..... One more reason for a jailbreak ....simple as hell
Recent. Read the latest Apple News.
Tutorials. Help is here.
Where to Download macOS Monterey
Where to Download macOS Ventura
AppleTV Firmware Download Locations
Where To Download iPad Firmware Files From
Where To Download iPhone Firmware Files From
Deals. Save on Apple devices and accessories.