Apple investigating App Store hack allowing free in-app purchases

Apple (NASDAQ:AAPL) is probing an App Store hack enabling iOS device owners to make in-app purchases for free.

Russian developer Alexey V. Borodin designed the in-app purchase hack, which installs bogus certificates on iPhones and iPads and uses a customized DNS server to trick iOS apps into believing they're communicating with the App Store. Borodin told Macworld that the hack forges the code receipts Apple issues to validate in-app transactions, fooling iOS devices into believing the receipts are coming directly from the App Store. According to Borodin, "every in-app receipt is generic" and contains no direct user data, making transactions "easy to spoof."

In a separate interview with The Next Web, Borodin said consumers have made more than 30,000 in-app purchases using his hack. A PayPal account established to help with his costs has generated just $6.78 in donations, however.

Apple said it is investigating the hack. "The security of the App Store is incredibly important to us and the developer community," a spokesperson said late Friday. "We take reports of fraudulent activity very seriously, and we are investigating." Reports indicate Apple has shut down the IP address associated with Borodin's In-Appstore.com authentication server and issued a copyright claim against a YouTube video walking consumers through the spoofing process; in addition, PayPal has blocked the hacker's donation account.

The Guardian reports it is unclear whether Apple or its developer partners will be able to detect which users have taken advantage of Borodin's hack, or whether they will be able to take action against them. Also uncertain: whether Apple will refund developers who've lost revenues because of the hack. Apple declined to comment.

For more:
- read this Macworld article
- read this Next Web article
- read this Guardian article
