A Russian hacker has found a way to obtain in-app purchases from iOS apps for free, without the need for a jailbreak, reports 9to5Mac.
There are three 'simple' steps to the procedure: ● installation of CA certificate ● installation of in-appstore.com certificate ● changing DNS record in wi-fi settings *Note, that in-appstore works only when you connected to Wi-Fi, not Cellular network.
The hack also requires you send information about your transaction through the hacker's server. That information includes: restriction level of app, id of app, id of version, guid of your idevice, quantity of in-app purchase, offer name of in-app purchase, language you are using, identifier of application, version of application, and your locale.
At this point it seems that apps which properly validate in-app purchase receipts are unaffected by the hack; however, it appears that many apps do not do this.
The hacker's service is already down to high traffic. Note, due to high load Service is unstable. Reporting of failed purchases disabled.
We would urge users to continue using in-app purchases as normal and urge developers to make sure their apps validate purchase receipts. For those interested, you can see the hack demonstrated in the video below...
Apple news, rumors, tutorials, price drop alerts, in your inbox every evening, free.
Unsubscribe at any time.
Success!
You have been subscribed.
Add Comment
Would you like to be notified when someone replies or adds a new comment?
Yes (All Threads)
Yes (This Thread Only)
No
Notifications
Would you like to be notified when we post a new Apple news article or tutorial?
Yes
No
Comments (8)
Comments are closed for this article.
0
DNA64 - July 15, 2012 at 2:54pm
Or...You could just buy them! :P
But seriously this is nothing new, you can obtain in app purchases for many apps for no charge by simply using iExplorer and doing some peeking and poking :P. A perfect example is the Commodore 64 Application. And I blogged about this on my blog and Twitter eons ago.
0
King - July 14, 2012 at 5:47pm
This worked for anyone ?
0
Haha - July 13, 2012 at 5:48pm
iAPCracker from Cydia has been doing this for years.
0
qw1987 - July 14, 2012 at 2:09am
Except that APcracker required that you be Jailbroken
0
Jeff - July 13, 2012 at 5:00pm
As usual, 99% of hackers give the other 1% a bad name.
0
joyz - July 13, 2012 at 3:56pm
Like I'm going to send my confidential info to some unknown third party!
0
joyz - July 13, 2012 at 3:52pm
Hope apple are aware of this...
0
Prudhvi - July 13, 2012 at 3:43pm
Jailbreak and install iAPCracker. This is one more reason for a jailbreak; it's straightforward.
![Apple's In-App Purchases Get Hacked [Video]](/images/news/23171/85802/85802-64.png "Apple's In-App Purchases Get Hacked [Video]")
![Apple's In-App Purchases Get Hacked [Video]](/images/news/23171/85804/85804.png "Apple's In-App Purchases Get Hacked [Video]")
![MacBook Neo Charging Test Confirms 30W Limit Across All Chargers [Video]](/images/news/100281/100281/100281-160.jpg "MacBook Neo Charging Test Confirms 30W Limit Across All Chargers [Video]")
![AirPods Pro 3 Still $199.99 on Amazon ($50 Off) [Deal]](/images/news/100285/100285/100285-160.jpg "AirPods Pro 3 Still $199.99 on Amazon ($50 Off) [Deal]")
![AirPods Pro 3 Drop to $209.99 on Amazon ($40 Off) [Deal]](/images/news/100236/100236/100236-160.jpg "AirPods Pro 3 Drop to $209.99 on Amazon ($40 Off) [Deal]")
![Apple AirTag (1st Gen) 4-Pack Falls to $64 on Amazon [Deal]](/images/news/100218/100218/100218-160.jpg "Apple AirTag (1st Gen) 4-Pack Falls to $64 on Amazon [Deal]")
![Apple's New M5 MacBook Air Drops to $1,049 in Early Amazon Sale [Deal]](/images/news/100206/100206/100206-160.jpg "Apple's New M5 MacBook Air Drops to $1,049 in Early Amazon Sale [Deal]")
