Apple takes steps to block iOS in-app purchase hack

Posted:
in iPhone edited January 2014
Apple has enacted measures to block a hack that can allow users to obtain in-app purchases through the iOS App store for free.

The IP addresses used by a Russian hacker for the exploit were blocked over the weekend, according to The Next Web. Apple also reportedly issued a takedown request against the servers used, and issued a copyright claim to remove the YouTube video that showed users how to utilize the exploit.

In addition, PayPal issued a block on hacker Alexey V. Borodin's account, preventing him from collecting donations for violating its terms of service.

The hack, which entails installing forged digital certificates onto an iOS device and connecting to a unique DNS server, was first publicized < ahref="http://www.appleinsider.com/articles/12/07/13/hack_allows_free_acces_to_in_app_ios_purchases.html">last week. Apple quickly issued a statement to say it was investigating the matter, adding that the company takes "reports of fraudulent activity very seriously."

Prior to Apple's takedown efforts, Borodin claimed that his method had already been used to process more than 30,000 illegal in-app payment requests. However, the hack has not been completely quashed, as Borodin continues to find ways to keep the exploit alive.

App Hack
Screenshot of Borodin's in-app purchasing workaround being used on CSR Racing. | ZonD80's YouTube channel


Apple's current methods to block the hack are likely a short-term fix. Developers believe a more permanent solution would be easy for Apple to create, though it would likely require a software update for iPhone and iPad users.

Apple first introduced in-app purchases with the release of iOS 3.0 in 2009. The feature was initially limited to paid applications, but was made available to free apps later that year. Apple takes a 30 percent cut of revenue generated from in-app purchases.
«13

Comments

  • Reply 1 of 44
    irnchrizirnchriz Posts: 1,603member
    If Alexey is short of cash he can just sell all of the iTunes accounts of those using his hack. :)
  • Reply 2 of 44
    hungoverhungover Posts: 603member

    Quote:

    Originally Posted by irnchriz View Post



    If Alexey is short of cash he can just sell all of the iTunes accounts of those using his hack. image


     His process now forces users to log out of their itunes account. He doesn't want access to their details. Additionally his paypal acc has been frozen so I guess he hasn't made a single bean.


     


    Although he is enabling people to steal, personal gain (ie cash) doesn't seem to have been his primary motive (donations aside).

  • Reply 3 of 44
    sensisensi Posts: 346member


    The guy will try to amass a little fortune before being on the run, lol, pesky russians.

  • Reply 4 of 44
    mstonemstone Posts: 11,510member

    Quote:

    Originally Posted by irnchriz View Post



    If Alexey is short of cash he can just sell all of the iTunes accounts of those using his hack. image


    Yep! The idiots who used his service will pay now as their iTunes account gets owned. No free lunch.

  • Reply 5 of 44
    haggarhaggar Posts: 1,568member


    So is it Apple's fault for having the vulnerability, or other people's fault for trying to take advantage of it?

  • Reply 6 of 44
    MacProMacPro Posts: 19,454member
    haggar wrote: »
    So is it Apple's fault for having the vulnerability, or other people's fault for trying to take advantage of it?

    What an interesting topic for a philosophy class. "Is it ever the fault of any victim when someone with malice aforethought commits a crime against them?" One could argue not having bullet proof skin is responsible for so many murders!
  • Reply 7 of 44
    auxioauxio Posts: 2,416member

    Quote:

    Originally Posted by digitalclips View Post





    What an interesting topic for a philosophy class. "Is it ever the fault of any victim when someone with malice aforethought commits a crime against them?" One could argue not having bullet proof skin is responsible for so many murders!


     


    Or having so many loopholes in tax law is responsible for rampant tax evasion.

  • Reply 8 of 44
    MacProMacPro Posts: 19,454member
    auxio wrote: »
    Or having so many loopholes in tax law is responsible for rampant tax evasion.

    Not clear which side you are on here ...
  • Reply 9 of 44

    Quote:

    Originally Posted by auxio View Post


     


    Or having so many loopholes in tax law is responsible for rampant tax evasion.





    "The legal right of an individual to decrease the amount of what would otherwise be his taxes or altogether avoid them, by means which the law permits, cannot be doubted." - U.S. Supreme Court


     


    The loopholes encourage tax avoidance or mitigation. Evasion is illegal.

  • Reply 10 of 44
    hungoverhungover Posts: 603member

    Quote:

    Originally Posted by Sensi View Post


    The guy will try to amass a little fortune before being on the run, lol, pesky russians.



     If he wanted to steal money from itunes customers I doubt that he would have used his real name...

  • Reply 11 of 44
    hungoverhungover Posts: 603member


    Assuming that apple come up with a fix for the exploit, can they force an OTA upgrade. If not, then surely anyone taking advantage of free apps will decline any OTA updates for as long as possible? Additionally is there anyway that apple can "undo" the process?

  • Reply 12 of 44
    hungoverhungover Posts: 603member

    Quote:

    Originally Posted by PowerMach View Post


     


    The loopholes encourage tax avoidance or mitigation.



     Seemingly only for those that already pay the lowest rates :(

  • Reply 13 of 44
    auxioauxio Posts: 2,416member

    Quote:

    Originally Posted by PowerMach View Post




    "The legal right of an individual to decrease the amount of what would otherwise be his taxes or altogether avoid them, by means which the law permits, cannot be doubted." - U.S. Supreme Court


     


    The loopholes encourage tax avoidance or mitigation. Evasion is illegal.



     


    So then, could using loopholes in Apple's in-app payment system be considered "payment avoidance or mitigation"?


     


    Basically, I'm trying to show that people think it's ok to be creative in finding workarounds for taxation laws in their own self-interest (while others pay their fair share).  Yet, the same reasoning, when applied to finding workarounds for payment systems (while others pay their fair share) is wrong.  Both are wrong IMO.

  • Reply 14 of 44
    icoco3icoco3 Posts: 1,471member

    Quote:

    Originally Posted by auxio View Post


     


    So then, could using loopholes in Apple's in-app payment system be considered "payment avoidance or mitigation"?


     


    Basically, I'm trying to show that people think it's ok to be creative in finding workarounds for taxation laws in their own self-interest (while others pay their fair share).  Yet, the same reasoning, when applied to finding workarounds for payment systems (while others pay their fair share) is wrong.  Both are wrong IMO.



     


    It is legal to avoid tax...it is illegal to avoid a payment system and steal.  And leave the "fair share" out of it, if that was true, EVERYONE would pay into the system, which, they don't (bottom 50% of taxpayers).

  • Reply 15 of 44
    auxioauxio Posts: 2,416member

    Quote:

    Originally Posted by icoco3 View Post


     


    It is legal to avoid tax...it is illegal to avoid a payment system and steal.  And leave the "fair share" out of it, if that was true, EVERYONE would pay into the system, which, they don't (bottom 50% of taxpayers).



     


    And investors who pay a far lower percentage on income than wage earners.

  • Reply 16 of 44
    icoco3icoco3 Posts: 1,471member

    Quote:

    Originally Posted by auxio View Post


     


    And investors who pay a far lower percentage on income than wage earners.



     


    Nothing evil about profit...but they still pay more $$$, about 90%+ from top 50% and >10% from bottom 50% of overall taxes collected.

  • Reply 17 of 44
    hungoverhungover Posts: 603member

    Quote:

    Originally Posted by icoco3 View Post


     


    Nothing evil about profit...but they still pay more $$$, about 90%+ from top 50% and >10% from bottom 50% of overall taxes collected.



     I don't know about the USA but in most western countries that poorest people pay a higher percentage of their income in taxes. Although they occupy lower income rate bands they are disproportionally affected by sales taxes, given that save little and spend most of their income.


     


    Whilst i am not a fan of sales taxes they do have the advantage of forcing low income earners (who avoid income tax ) to pay taxes. The caveat being that those people are unfairly able to consume more than their honest counter parts.

  • Reply 18 of 44

    Quote:

    Originally Posted by AppleInsider View Post



    The hack, which entails installing forged digital certificates onto an iOS device and connecting to a unique DNS server


     


    Why does the term "Russian Roulette" seem very apt here?


     


    Better to play by the rules & pay the few bucks, than to play with fire & install mysteryware from Russia...

  • Reply 19 of 44
    jdwjdw Posts: 1,017member
    It's interesting to read through some of the posts over there:
    http://www.in-appstore.com/

    People there are basically divided in the same way as folks in this forum, with no one talking about the real problem or long-term solution. Everyone seems to be praising piracy or condemning it, or going off-topic on things like taxes.

    This is really NAPSTER all over again. In the past, people stole music like mad because there was no popular legal means to get that music in a convenient, modern way like the iTunes Music Store. Now most people in deveoped countries buy their music (including myself) rather than stealing it. That's true not because NAPSTER's flame was extinguished but because Apple provided a convenient and reasonably priced solution.

    But with app buying, you don't always know what your getting until you pay, and then you don't get your money back if you don't like what you paid for. Hence this Russian Developer, on some level, is to be praised as much as they are to be condemned, not unlike NAPSTER was to be praised — not for encouraging theft, but for allowing people to Try Before We Buy, and to put pressure on the app industry (i.e., Apple) to change the status quo and give app buyers Trials and give developers App Upgrades in the app store.

    We can howl and cry all we want about right and wrong, but these naughty guys often do more good than bad in the end, especially if we legitimate buyers of apps keep up the pressure in Apple to enacted improvements to the app buying experience:

    http://www.apple.com/feedback/iphone.html
    or
    http://www.apple.com/feedback/ipad.html
  • Reply 20 of 44
    tallest skiltallest skil Posts: 43,399member
    jdw wrote: »
    But with app buying, you don't always know what your getting until you pay, and then you don't get your money back if you don't like what you paid for. Hence this Russian Developer, on some level, is to be praised as much as they are to be condemned, not unlike NAPSTER was to be praised — not for encouraging theft, but for allowing people to Try Before We Buy, and to put pressure on the app industry (i.e., Apple) to change the status quo and give app buyers Trials and give developers App Upgrades in the app store.

    This is about in-app purchases, not the app itself. If you're to the point where you want to spend money inside the app, you're already past the point of deciding whether you want it.

    What, do the pirates want trials on in-app purchases now?
Sign In or Register to comment.