
Apple takes steps to block iOS in-app purchase hack

post #1 of 45
Thread Starter 
Apple has enacted measures to block a hack that can allow users to obtain in-app purchases through the iOS App Store for free.

The IP addresses used by a Russian hacker for the exploit were blocked over the weekend, according to The Next Web. Apple also reportedly issued a takedown request against the servers used, and issued a copyright claim to remove the YouTube video that showed users how to utilize the exploit.

In addition, PayPal issued a block on hacker Alexey V. Borodin's account, preventing him from collecting donations for violating its terms of service.

The hack, which entails installing forged digital certificates onto an iOS device and connecting to a unique DNS server, was first publicized last week (http://www.appleinsider.com/articles/12/07/13/hack_allows_free_acces_to_in_app_ios_purchases.html). Apple quickly issued a statement to say it was investigating the matter, adding that the company takes "reports of fraudulent activity very seriously."

Prior to Apple's takedown efforts, Borodin claimed that his method had already been used to process more than 30,000 illegal in-app payment requests. However, the hack has not been completely quashed, as Borodin continues to find ways to keep the exploit alive.

Screenshot of Borodin's in-app purchasing workaround being used on CSR Racing. | ZonD80's YouTube channel


Apple's current methods to block the hack are likely a short-term fix. Developers believe a more permanent solution would be easy for Apple to create, though it would likely require a software update for iPhone and iPad users.

Apple first introduced in-app purchases with the release of iOS 3.0 in 2009. The feature was initially limited to paid applications, but was made available to free apps later that year. Apple takes a 30 percent cut of revenue generated from in-app purchases.
post #2 of 45
If Alexey is short of cash he can just sell all of the iTunes accounts of those using his hack. :)
post #3 of 45
Quote:
Originally Posted by irnchriz View Post

If Alexey is short of cash he can just sell all of the iTunes accounts of those using his hack. :)

His process now forces users to log out of their iTunes account. He doesn't want access to their details. Additionally his PayPal acc has been frozen so I guess he hasn't made a single bean.

 

Although he is enabling people to steal, personal gain (ie cash) doesn't seem to have been his primary motive (donations aside).

post #4 of 45

The guy will try to amass a little fortune before being on the run, lol, pesky Russians.

post #5 of 45
Quote:
Originally Posted by irnchriz View Post

If Alexey is short of cash he can just sell all of the iTunes accounts of those using his hack. :)

Yep! The idiots who used his service will pay now as their iTunes account gets owned. No free lunch.

Life is too short to drink bad coffee.

post #6 of 45

So is it Apple's fault for having the vulnerability, or other people's fault for trying to take advantage of it?

post #7 of 45
Quote:
Originally Posted by Haggar View Post

So is it Apple's fault for having the vulnerability, or other people's fault for trying to take advantage of it?

What an interesting topic for a philosophy class. "Is it ever the fault of any victim when someone with malice aforethought commits a crime against them?" One could argue not having bullet proof skin is responsible for so many murders!
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
post #8 of 45
Quote:
Originally Posted by digitalclips View Post


What an interesting topic for a philosophy class. "Is it ever the fault of any victim when someone with malice aforethought commits a crime against them?" One could argue not having bullet proof skin is responsible for so many murders!

 

Or having so many loopholes in tax law is responsible for rampant tax evasion.

 
post #9 of 45
Quote:
Originally Posted by auxio View Post

Or having so many loopholes in tax law is responsible for rampant tax evasion.

Not clear which side you are on here ...
post #10 of 45
Quote:
Originally Posted by auxio View Post

 

Or having so many loopholes in tax law is responsible for rampant tax evasion.


"The legal right of an individual to decrease the amount of what would otherwise be his taxes or altogether avoid them, by means which the law permits, cannot be doubted." - U.S. Supreme Court

 

The loopholes encourage tax avoidance or mitigation. Evasion is illegal.

post #11 of 45
Quote:
Originally Posted by Sensi View Post

The guy will try to amass a little fortune before being on the run, lol, pesky Russians.

 If he wanted to steal money from itunes customers I doubt that he would have used his real name...

post #12 of 45

Assuming that Apple come up with a fix for the exploit, can they force an OTA upgrade? If not, then surely anyone taking advantage of free apps will decline any OTA updates for as long as possible? Additionally, is there any way that Apple can "undo" the process?

post #13 of 45
Quote:
Originally Posted by PowerMach View Post

 

The loopholes encourage tax avoidance or mitigation.

 Seemingly only for those that already pay the lowest rates :(

post #14 of 45
Quote:
Originally Posted by PowerMach View Post


"The legal right of an individual to decrease the amount of what would otherwise be his taxes or altogether avoid them, by means which the law permits, cannot be doubted." - U.S. Supreme Court

 

The loopholes encourage tax avoidance or mitigation. Evasion is illegal.

 

So then, could using loopholes in Apple's in-app payment system be considered "payment avoidance or mitigation"?

 

Basically, I'm trying to show that people think it's ok to be creative in finding workarounds for taxation laws in their own self-interest (while others pay their fair share).  Yet, the same reasoning, when applied to finding workarounds for payment systems (while others pay their fair share) is wrong.  Both are wrong IMO.

 
post #15 of 45
Quote:
Originally Posted by auxio View Post

 

So then, could using loopholes in Apple's in-app payment system be considered "payment avoidance or mitigation"?

 

Basically, I'm trying to show that people think it's ok to be creative in finding workarounds for taxation laws in their own self-interest (while others pay their fair share).  Yet, the same reasoning, when applied to finding workarounds for payment systems (while others pay their fair share) is wrong.  Both are wrong IMO.

 

It is legal to avoid tax...it is illegal to avoid a payment system and steal.  And leave the "fair share" out of it, if that was true, EVERYONE would pay into the system, which, they don't (bottom 50% of taxpayers).

post #16 of 45
Quote:
Originally Posted by icoco3 View Post

 

It is legal to avoid tax...it is illegal to avoid a payment system and steal.  And leave the "fair share" out of it, if that was true, EVERYONE would pay into the system, which, they don't (bottom 50% of taxpayers).

 

And investors who pay a far lower percentage on income than wage earners.

 
post #17 of 45
Quote:
Originally Posted by auxio View Post

 

And investors who pay a far lower percentage on income than wage earners.

 

Nothing evil about profit...but they still pay more $$$, about 90%+ from top 50% and >10% from bottom 50% of overall taxes collected.

post #18 of 45
Quote:
Originally Posted by icoco3 View Post

 

Nothing evil about profit...but they still pay more $$$, about 90%+ from top 50% and >10% from bottom 50% of overall taxes collected.

I don't know about the USA but in most western countries the poorest people pay a higher percentage of their income in taxes. Although they occupy lower income rate bands they are disproportionally affected by sales taxes, given that they save little and spend most of their income.

 

Whilst I am not a fan of sales taxes they do have the advantage of forcing low income earners (who avoid income tax) to pay taxes. The caveat being that those people are unfairly able to consume more than their honest counterparts.

post #19 of 45
Quote:
Originally Posted by AppleInsider View Post

The hack, which entails installing forged digital certificates onto an iOS device and connecting to a unique DNS server

 

Why does the term "Russian Roulette" seem very apt here?

 

Better to play by the rules & pay the few bucks, than to play with fire & install mysteryware from Russia...

post #20 of 45
It's interesting to read through some of the posts over there:
http://www.in-appstore.com/

People there are basically divided in the same way as folks in this forum, with no one talking about the real problem or long-term solution. Everyone seems to be praising piracy or condemning it, or going off-topic on things like taxes.

This is really NAPSTER all over again. In the past, people stole music like mad because there was no popular legal means to get that music in a convenient, modern way like the iTunes Music Store. Now most people in developed countries buy their music (including myself) rather than stealing it. That's true not because NAPSTER's flame was extinguished but because Apple provided a convenient and reasonably priced solution.

But with app buying, you don't always know what you're getting until you pay, and then you don't get your money back if you don't like what you paid for. Hence this Russian Developer, on some level, is to be praised as much as they are to be condemned, not unlike NAPSTER was to be praised — not for encouraging theft, but for allowing people to Try Before We Buy, and to put pressure on the app industry (i.e., Apple) to change the status quo and give app buyers Trials and give developers App Upgrades in the app store.

We can howl and cry all we want about right and wrong, but these naughty guys often do more good than bad in the end, especially if we legitimate buyers of apps keep up the pressure on Apple to enact improvements to the app buying experience:

http://www.apple.com/feedback/iphone.html
or
http://www.apple.com/feedback/ipad.html
post #21 of 45
Quote:
Originally Posted by JDW View Post

But with app buying, you don't always know what you're getting until you pay, and then you don't get your money back if you don't like what you paid for. Hence this Russian Developer, on some level, is to be praised as much as they are to be condemned, not unlike NAPSTER was to be praised — not for encouraging theft, but for allowing people to Try Before We Buy, and to put pressure on the app industry (i.e., Apple) to change the status quo and give app buyers Trials and give developers App Upgrades in the app store.

This is about in-app purchases, not the app itself. If you're to the point where you want to spend money inside the app, you're already past the point of deciding whether you want it.

What, do the pirates want trials on in-app purchases now?

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
post #22 of 45
Quote:
Originally Posted by Tallest Skil View Post

This is about in-app purchases, not the app itself. If you're to the point where you want to spend money inside the app, you're already past the point of deciding whether you want it.
What, do the pirates want trials on in-app purchases now?

You're missing the point entirely, focusing instead on how to destroy the naughty people. People are naughty. That includes you and me too, even though you and I aren't naughty in the same manner as this Russian youngster. Let's try to make something good come from this rather than beat a dead horse.
post #23 of 45
Quote:
Originally Posted by JDW View Post

You're missing the point entirely, focusing instead on how to destroy the naughty people. Let's try to make something good come from this rather than beat a dead horse.

The good is the hole that is being patched. He discovered it, so he should be commended. He exploited it, so he should be vilified. Whether the damage evens out to indifference is left to be seen, but he certainly doesn't deserve applause for his behavior.

post #24 of 45
Quote:
Originally Posted by Tallest Skil View Post

The good is the hole that is being patched. He discovered it, so he should be commended. He exploited it, so he should be vilified. Whether the damage evens out to indifference is left to be seen, but he certainly doesn't deserve applause for his behavior.

If you read through my original post again you will see that I plainly said he should be "condemned" just like Napster was to be condemned. The point that continues to be missed is the fact that not every situation should be viewed in a 100% negative light. We human beings all too often do that, without trying to see what positive and constructive things could come of the bad. My statement in no way encourages bad deeds. I am merely being an optimist versus a pessimist. I in no way seek to encourage theft or any criminal activity, as evidenced by what I have written already.
Edited by JDW - 7/16/12 at 3:17pm
post #25 of 45
Quote:
Originally Posted by JDW View Post

People there are basically divided in the same way as folks in this forum, with no one talking about the real problem or long-term solution. Everyone seems to be praising piracy or condemning it, or going off-topic on things like taxes.

 

There's nothing really to praise about the act of piracy itself.  It's theft.

 

It's the debate over the actions of the person who figured out the loophole/flaw in the system and exposed it which is much more interesting.  Which is where I got on the topic of comparing it to finding and exploiting loopholes in the taxation system for one's own gain.  Just to remove a bit of the black and white thinking in regard to this particular scenario and see other areas where exploiting loopholes for personal gain might be considered "acceptable".

 

In this case, the motive he gave was rather uninteresting: he felt he was ripped off and wanted to get retribution/payback.  An eye for an eye -- the oldest story in history.

 

As far as in-app purchases go -- I do agree that, in legitimate cases where one was misled about the product or didn't get what was advertised, there should be a means to get a refund or credit.  That's not the case here though.

 
post #26 of 45
Quote:
Originally Posted by auxio View Post

 

 

As far as in-app purchases go -- I do agree that, in legitimate cases where one was misled about the product or didn't get what was advertised, there should be a means to get a refund or credit.  That's not the case here though.

 Windows phone did offer a time limited try "before you buy", TBH I don't know if they have relaxed the rules now though

post #27 of 45
Quote:
Originally Posted by auxio View Post

 

There's nothing really to praise about the act of piracy itself.  It's theft.

 

Even if you are downloading a mp3 version of a song that you previously purchased in another form....

post #28 of 45
Quote:
Originally Posted by hungover View Post

Even if you are downloading a mp3 version of a song that you previously purchased in another form....

But that's not piracy then, so why bring that up?

post #29 of 45
Quote:
Originally Posted by hungover View Post

Even if you are downloading a mp3 version of a song that you previously purchased in another form....

 

How do you know the person you're downloading it from legally purchased it?  Or that it's the exact version of the song (or even the same song period) which you previously purchased?

 
post #30 of 45
It's like piracy without jailbreaking. Now there are no reasons left to jailbreak. Haha
Edited by irnchriz - 7/16/12 at 4:43pm
post #31 of 45
Quote:
Originally Posted by Tallest Skil View Post


But that's not piracy then, so why bring that up?

 Errr... because where I live it is illegal.

 

In the United Kingdom, making a private copy of copyrighted media without the copyright owner's consent is currently illegal.

 

So if I own an LP and decide I want to store it on my computer, either "acquiring" a copy from the internet or ripping it from the vinyl will result in me breaking the law.

 

It was also illegal to store free to air tv programmes for more than a week or two (until relatively recently).

 

With production/record companies imposing such draconian rules upon us I am not surprised that the general public has so much contempt for them and is so willing to pirate songs etc.

post #32 of 45
Quote:
Originally Posted by hungover View Post

 Errr... because where I live it is illegal.

In the United Kingdom, making a private copy of copyrighted media without the copyright owner's consent is currently illegal.

Ah, sorry; figured US.

post #33 of 45
Quote:
Originally Posted by Tallest Skil View Post

Quote:
Originally Posted by hungover View Post

 Errr... because where I live it is illegal.
In the United Kingdom, making a private copy of copyrighted media without the copyright owner's consent is currently illegal.
Ah, sorry; figured US.

Apologies accepted. BTW most people in the UK don't even know that they are breaking the law.

post #34 of 45
Quote:
Originally Posted by hungover View Post

Assuming that Apple come up with a fix for the exploit, can they force an OTA upgrade? If not, then surely anyone taking advantage of free apps will decline any OTA updates for as long as possible? Additionally, is there any way that Apple can "undo" the process?

Presumably the fix will be included in newer devices as they appear. What happens atm is that when restoring to a new device you will still need to "re-purchase" (but aren't charged) the in-app purchase within each individual app.

post #35 of 45
Quote:
Originally Posted by longfang View Post

Presumably the fix will be included in newer devices as they appear. What happens atm is that when restoring to a new device you will still need to "re-purchase" (but aren't charged) the in-app purchase within each individual app.

 thanks

post #36 of 45
Quote:
Originally Posted by auxio View Post

There's nothing really to praise about the act of piracy itself.  It's theft.

 

Without a doubt, piracy is theft.  Indeed, it is essentially the same kind of serious high-Dollar theft as the Blue Boxes that Jobs and Woz built (without which, Jobs strongly contended there would be no Apple today):

http://www.youtube.com/watch?v=HFURM8O-oYI

(We treat that past with a flippant attitude because (a) it happened so long ago and is irrelevant today, and (b) because it was done by Steve Jobs, someone who ultimately became that rich, famous, genius father of many products we so greatly love today.  Nevertheless, such theft is a crime, whether it be done by Steven P. Jobs or by a Russian hacker.)

 

Again, the point is that we all too often are quick to cast the first stone of condemnation at these hackers and human renegades, and we jump to point out in detail how "illegal" such-and-such is (almost as if we are trying to pass the BAR exam), without considering how to view a situation in a more optimistic light.

 

Arguably, one should try to convince Apple to make improvements to its App store (for both buyers and developers alike) without resorting to illegalities.  But it serves no constructive purpose to focus all our energies on bashing this Russian fellow, refusing to consider any positive implications.  It is possible to play the optimist without directly supporting piracy or illegal activities.  I certainly don't ever want to see OS X or iOS plagued by viruses or hacker-criminals as is the case with Windows.  But I do hope to see Apple greatly enhance the App Store experience.  Try-before-you-buy for consumers and paid App Upgrades for developers is a major part of that.


Edited by JDW - 7/17/12 at 2:21am
post #37 of 45
Quote:
Originally Posted by JDW View Post

 

Without a doubt, piracy is theft.  Indeed, it is essentially the same kind of serious high-Dollar theft as the Blue Boxes that Jobs and Woz built (without which, Jobs strongly contended there would be no Apple today)

 

Ah, but there is a big difference between the act of inventing/creating a piece of hardware or software which has the potential to be used for theft, and simply using it for that purpose.

 

The former requires a creative mind and/or hard work (assuming you aren't just knocking it off from someone else).  The latter requires nothing but the desire for a free ride.  Two very different paths -- one teaches a man to fish, the other simply gives a man a fish.  In the long run, you hope the man who learns to fish does it in areas where it's legal to do so (as Jobs and Woz did when they moved from blue boxes to personal computers).

 
post #38 of 45
Quote:
Originally Posted by hungover View Post

So if I own an LP and decide I want to store it on my computer, either "acquiring" a copy from the internet or ripping it from the vinyl will result in me breaking the law.

 

There's also another interesting gray area (especially with LPs): what if the song is out of print and either the copyright holder is dead or the record label is defunct?  I realize that there are provisions for transference of copyright, but if it's not legally possible to purchase the song, what then?

 

I realize that with rare music finding services like GEMM, it's easier than ever nowadays to find someone selling a used copy, but there are still sometimes cases where you just can't find it anywhere.

 
post #39 of 45
Quote:
Originally Posted by digitalclips View Post


Not clear which side you are on here ...


I almost fell over laughing! haha.

Still, that is perspective justice

post #40 of 45
Quote:
Originally Posted by auxio View Post

Ah, but there is a big difference between the act of inventing/creating a piece of hardware or software which has the potential to be used for theft, and simply using it for that purpose.

Under that logic, we should swiftly and promptly release from jail all thieves who have Jobsian style creative minds.

Theft is a crime no matter how some try to spin it. Therefore if one tries to make excuses for Jobs and Woz, one has an equal moral obligation to make a similar defense for this Russian hacker, simply because an arrestable offense is an arrestable offense.

The point is that we Apple lovers would do well to stop selectively casting that first stone. If you want to stone a thief, then consistently stone them all. We must not allow bribe-taking (e.g., allow love of a computer) to stop justice, otherwise we ourselves would then be guilty of a crime.