Hackers crack Apple's iTunes gift card algorithm
$200 iTunes Gift Certificates are selling for less than $3 in China now that a group of local hackers has circumvented Apple's algorithm for creating the digital vouchers and built their own gift certificate generators.
According to Outdustry, which describes itself as a music industry consultancy specializing in the Chinese music business, sellers on China's largest consumer-to-consumer online shopping site are marketing these illegitimate vouchers directly to customers.
"Choose one seller whose Taobao IM is online, talk to him a little bit, purchase his product and pay money to Taobao's online payment system, Alipay, which supports most banks in China," the report says. "All the seller actually sells is the gift voucher code which they send you directly through Taobao's IM software. You can then redeem the card in your iTunes account."
The consultancy adds that legitimate digital music download sites are few in China, as a free mp3 search is dominant. The $200 cards are going for just 18RMB ($2.60) at the site.
"We make more money as the amount of customer is growing rapidly," said the owner of the Taobao shop contacted for Outdustry's story. He also acknowledged having paid the hackers an undisclosed sum for use of their iTunes Gift Certificate generators. "The hackers are based in China, but I don't know if they do the same thing in eBay," he said.
This screenshot, translated via Google, shows 77,593 codes available for purchase.
According to the owner, the business started half a year ago. Apple has not commented, but it would come as no surprise if the company alters its algorithms in an attempt to prevent the practice.
Meanwhile, Apple is still negotiating with Chinese carriers to bring the iPhone to China, but progress has been slow.
According to Outdustry, which describes itself as a music industry consultancy specializing in the Chinese music business, sellers on China's largest consumer-to-consumer online shopping site are marketing these illegitimate vouchers directly to customers.
"Choose one seller whose Taobao IM is online, talk to him a little bit, purchase his product and pay money to Taobao's online payment system, Alipay, which supports most banks in China," the report says. "All the seller actually sells is the gift voucher code which they send you directly through Taobao's IM software. You can then redeem the card in your iTunes account."
The consultancy adds that legitimate digital music download sites are few in China, as a free mp3 search is dominant. The $200 cards are going for just 18RMB ($2.60) at the site.
"We make more money as the amount of customer is growing rapidly," said the owner of the Taobao shop contacted for Outdustry's story. He also acknowledged having paid the hackers an undisclosed sum for use of their iTunes Gift Certificate generators. "The hackers are based in China, but I don't know if they do the same thing in eBay," he said.
This screenshot, translated via Google, shows 77,593 codes available for purchase.
According to the owner, the business started half a year ago. Apple has not commented, but it would come as no surprise if the company alters its algorithms in an attempt to prevent the practice.
Meanwhile, Apple is still negotiating with Chinese carriers to bring the iPhone to China, but progress has been slow.
Comments
First they harass our ships...now they play with apple
And yeah, "free trade" makes a lot of sense when dealing with countries like this, doesn't it?
I found the link =P
So how does Apple fix this without breaking existing legit Gift Cards?
And yeah, "free trade" makes a lot of sense when dealing with countries like this, doesn't it?
The easiest way is to invalidate all the cards. All current cards become unusable online. Then you say people can bring the legitimate cards in for trade for a version 2.0 card, worth slightly more to cover the inconvenience.
Are these for the US itunes Store? why would they want them in China?
Buying gift cards from out of the country is a great way of accessing other country's stores. I buy gift cards from Japan (through jbox) so that I can purchase J-Pop music from their store, even though I live in the US (I have a US account with one email address, and a Japan account with another).
Unfortunately, I suspect that one of the side effects of this scam is that Apple may now actively restrict access to stores to IP addresses local to that store's country. I'd better start downloading, as I've got about ¥7000 in my account right now!
This way Apple could rotate the algorithm for the PIN on a weekly, or daily basis, without invalidating all the cards in the retail pipeline (In the future - wouldn't help now of course).
So how does Apple fix this without breaking existing legit Gift Cards?
And yeah, "free trade" makes a lot of sense when dealing with countries like this, doesn't it?
You're right because nothing like that would ever happen in America.
If an American hacker found the algorithm he would sell it to a shady business person who would then generate thousands of codes and create a ponzi scheme of iTunes digital codes and it would all be great until apple flipped the switch and the whole thing came crashing down bringing with it the insurance companies who were insuring bogus iTunes codes.
Ok maybe I'm exaggerating (a little).
Buying gift cards from out of the country is a great way of accessing other country's stores. I buy gift cards from Japan (through jbox) so that I can purchase J-Pop music from their store, even though I live in the US (I have a US account with one email address, and a Japan account with another).
Unfortunately, I suspect that one of the side effects of this scam is that Apple may now actively restrict access to stores to IP addresses local to that store's country. I'd better start downloading, as I've got about ¥7000 in my account right now!
I understand there are regional lisensing issues at play but why the hell can't the music industry pull their colletive heads out of their asses and realize people are willing to pay for music not from their own country. You'd think they would be all over new revenue streams. The movie/television industry is slowly catching on. Are they scared that Jpop, german techno, and brazillian pop music might catch on in the states? I honestly don't get it.
Gotta love China!
I always wonder (bigger picture wise), how on earth that many people will eventually be integrated into "world society" when they have such low regard for law or morality. I mean we will all be one people some day, but how that's going to work with China has always mystified me.
Say what you will about other countries and peoples, but Chinese culture seems to have a rampant moral blindness. Even the most radical Islamic terrorist actually do what they do because they thinks it's "right" and moral to do so.
It seems like the whole of Chinese culture is based just on mercantile interests sometimes. Communist in name, Capitalist in outlook, ends up being Fascist in practice IMO. Rush Limbaugh and Co. would be right at home there.
And no, ... not a racist, lots of Chinese friends etc. (who mostly agree with this).
If you aren't from China there is very little reason to want these. Why pay money and go through the rigamarole when Torrents and NewsGroups are easier.
Thats true with Media, not so true with Apps.
If you aren't from China there is very little reason to want these. Why pay money and go through the rigamarole when Torrents and NewsGroups are easier.
Thief.
Ok maybe I'm exaggerating (a little).
Or not.
I always wonder (bigger picture wise), how on earth that many people will eventually be integrated into "world society" when they have such low regard for law or morality. I mean we will all be one people some day, but how that's going to work with China has always mystified me.
Say what you will about other countries and peoples, but Chinese culture seems to have a rampant moral blindness. Even the most radical Islamic terrorist actually do what they do because they thinks it's "right" and moral to do so.
It seems like the whole of Chinese culture is based just on mercantile interests sometimes. Communist in name, Capitalist in outlook, ends up being Fascist in practice IMO. Rush Limbaugh and Co. would be right at home there.
And no, ... not a racist, lots of Chinese friends etc. (who mostly agree with this).
Devils advocate: What does that say about the other countries and companies that have no problems striking up deals for cheap materials and labour from China? And to a lesser a extent, those that buy the products knowing where they were produced. Are we not just supporting this corrupt system, making it more powerful while inadvertently justifying its actions?
Thats true with Media, not so true with Apps.
Good point.