Friday July 13, 2012 1:19 pm
Hacker shows how to get free iOS in-app purchase content in major Apple security breach (video)
A Russian hacker has uncovered a serious breach in Apple's iOS App Store in-app purchase model that allows anyone to get access to pretty much any in-app purchase content completely for free. Surprisingly easy to set up, the model just requires the installation of two security certificates, followed by you entering a different DNS server in your Settings app on your iPhone, iPad, or iPod touch. That's it.
After you complete the steps above, you simply open up an app that offers in-app purchasing content, and "buy" whatever it is you'd like. Through the use of the DNS and security certificates, you end up bypassing Apple's servers completely, and get an thumbs up from the fake proxy that tells the app to give you access to the new content.
You're gonna have a hard time getting the security certificates right now, as the server that provides the files is severely overloaded and unavailable, understandably. ZonD80, the dude who discovered all this, is asking for help from users to get an upgraded server in place:
Currently we have [server] with 512MB of memory, and there is no way to satisfy everyone with such hardware. Apple is a big company, I am not. If you want to help me to buy really dedicated quad-core server with at least 4GB of RAM.
The idea is that the new server will take a few days to get set up--we'd be shocked if Apple didn't get this loophole closed well before then. This isn't the kind of thing that will just go unnoticed, as we're sure that there are plenty of unhappy Apple developer partners that are making their collective voices heard right now.
- Related Tags:
- app store, apple, developers, dns, hack, hacks, in-app purchase, in-app purchase hack, ios, ios hacks, l-ekb, russia, security, sidefeature, software, zond80
© Gear Live Inc. – User-posted content, unless source is quoted, is licensed under a Creative Commons Public Domain License. Gear Live graphics, logos, designs, page headers, button icons, videos, articles, blogs, forums, scripts and other service names are the trademarks of Gear Live Inc.