Hack allows free access to in-app iOS purchases [u]
A video released on Wednesday reportedly details an iOS "hack" that allows free access to in-app purchases for certain apps and is likely to cause developers to lose money until the hole is patched.
Editor's note: AppleInsider does not condone illegal activity or EULA abuse and in no way endorses the activity described below. As such this article is presented purely for discussion.
According to a report by MacWorld, Russian coder Alexey V. Borodin is responsible for finding and taking advantage of the exploit which was subsequently posted to YouTube. As of this writing the video had accumulated over 2,000 views.
The process entails installing forged digital certificates onto an iOS device and connecting to a unique DNS server which the app believes to be Apple's official App Store. Borodin explains that the server then sends spoofed code receipts, normally issued by Apple, to the app which in turn validates the purchase. He goes on to say that the receipts were "easy to spoof" because they are generic and contain no specific user data.
While other hacks require a jailbroken iOS device able to run proprietary code, the newest iOS exploit simply takes advantage of what can be perceived as a hole in Apple's purchasing system.
Apparently Borodin created the bypass as a "challenge" to developers of CSR Racing, a so-called "freemium" app that costs nothing to download but offers exclusive in-app purchases to unlock special content.
?I set this up due to hungry and lazy developers, Borodin wrote in an instant message conversation with the publication. "I was very angry to see that CSR Racing developer taking money from me every single breath.?
Screenshot of Borodin's in-app purchasing workaround being used on CSR Racing. | ZonD80's YouTube channel
Instapaper developer Marco Arment believes that the hack will only work for one-time in-app purchases while subscription-based buys should be unaffected.
?It probably won?t affect the auto-renewing subscriptions, since they rely on a lot of server-side processing to track, but it wouldn?t surprise me if it could affect any other [in-app purchase] type (including non-renewable ?subscriptions? like what Instapaper uses) if the apps don?t check with Apple?s verification servers from their own web services,? Arment writes.
Employing the hack not only affects developers' incomes but users could face negative implications as well and the fault may lie with Apple's purchasing system.
?I can see the Apple ID and password [of users who use the hack],? Borodin said. ?But not the credit card information.? It appears that Apple's system passes both bits of sensitive information to the Apple Store server in unencrypted plain text.
The exploit is likely an easy fix for Apple, said developer Marco Tabini, though a patch woud likely involve a software update.
Borodin claims that he is not worried about any legal action from Apple and instead took a different spin on the situation: ?I?m a happy user of iPhone 4S ? I think they will hire me.?
Update: Apple caught wind of Borodin's successful App Store receipt validation scheme and has issued the following statement (via The Loop):
Editor's note: AppleInsider does not condone illegal activity or EULA abuse and in no way endorses the activity described below. As such this article is presented purely for discussion.
According to a report by MacWorld, Russian coder Alexey V. Borodin is responsible for finding and taking advantage of the exploit which was subsequently posted to YouTube. As of this writing the video had accumulated over 2,000 views.
The process entails installing forged digital certificates onto an iOS device and connecting to a unique DNS server which the app believes to be Apple's official App Store. Borodin explains that the server then sends spoofed code receipts, normally issued by Apple, to the app which in turn validates the purchase. He goes on to say that the receipts were "easy to spoof" because they are generic and contain no specific user data.
While other hacks require a jailbroken iOS device able to run proprietary code, the newest iOS exploit simply takes advantage of what can be perceived as a hole in Apple's purchasing system.
Apparently Borodin created the bypass as a "challenge" to developers of CSR Racing, a so-called "freemium" app that costs nothing to download but offers exclusive in-app purchases to unlock special content.
?I set this up due to hungry and lazy developers, Borodin wrote in an instant message conversation with the publication. "I was very angry to see that CSR Racing developer taking money from me every single breath.?
Screenshot of Borodin's in-app purchasing workaround being used on CSR Racing. | ZonD80's YouTube channel
Instapaper developer Marco Arment believes that the hack will only work for one-time in-app purchases while subscription-based buys should be unaffected.
?It probably won?t affect the auto-renewing subscriptions, since they rely on a lot of server-side processing to track, but it wouldn?t surprise me if it could affect any other [in-app purchase] type (including non-renewable ?subscriptions? like what Instapaper uses) if the apps don?t check with Apple?s verification servers from their own web services,? Arment writes.
Employing the hack not only affects developers' incomes but users could face negative implications as well and the fault may lie with Apple's purchasing system.
?I can see the Apple ID and password [of users who use the hack],? Borodin said. ?But not the credit card information.? It appears that Apple's system passes both bits of sensitive information to the Apple Store server in unencrypted plain text.
The exploit is likely an easy fix for Apple, said developer Marco Tabini, though a patch woud likely involve a software update.
Borodin claims that he is not worried about any legal action from Apple and instead took a different spin on the situation: ?I?m a happy user of iPhone 4S ? I think they will hire me.?
Update: Apple caught wind of Borodin's successful App Store receipt validation scheme and has issued the following statement (via The Loop):
?The security of the App Store is incredibly important to us and the developer community, Natalie Harrison, told The Loop. ?We take reports of fraudulent activity very seriously and we are investigating.?
Comments
"To get the word out and make sure Apple and developers know about it."
Still.
Quote:
Originally Posted by Tallest Skil
"To get the word out and make sure Apple and developers know about it."
Why don't you get a life and actually try to improve upon your world instead of stealing from hard working developers who are trying to make a living?
This is probably better not blasted all over every Apple fansite.
Probably so, but too late because AI was actually late to this party.
Who really wants to pass their user name and password to Russia? Please people, you're only asking for trouble if you use this hack.
Yeah, or you could simply not buy it. But hey, some people think they are entitled to steal.
That's exactly the mindset.
"I can't afford it, so I'm entitled to download it for free. This can't be illegal."
Quote:
Originally Posted by GregInPrague
Probably so, but too late because AI was actually late to this party.
Who really wants to pass their user name and password to Russia? Please people, you're only asking for trouble if you use this hack.
"Editor's note: AppleInsider does not condone illegal activity or EULA abuse and in no way endorses the activity described below. As such this article is presented purely for discussion."
Bullshit. It is despicable that AI would publish this crap. You might as well publish the IP addresses of all the torrent sites and publish a little tutorial on how to steal software and music. I saw this on MacRumors early this morning. You know what one lowlife, dirt/douche bag posted? "Me want!"
Quote:
Originally Posted by Tallest Skil
That's exactly the mindset.
"I can't afford it, so I'm entitled to download it for free. This can't be illegal."
This is why movies, songs and software are pirated by nearly all young people throughout Europe. "I wouldn't pay for it, so they're not losing money if I take it." Most people that I know under 35 years old go to the movies maybe twice a year, everything else is pirated. So far there are no consequences, so what argument is there against it? When you talk about morality you get laughed at.
Quote:
Originally Posted by AppleInsider
Editor's note: AppleInsider does not condone illegal activity or EULA abuse and in no way endorses the activity described below. As such this article is presented purely for discussion.
Oh of course, but you'll be happy to give you the hacker's YouTube channel and enjoy the ad revenue from all the page hits.
So how do we change this? What needs done to get these morons back on track?
And use your greed to steal your Apple ID and password so I can buy a ton of stuff and sell it on eBay. I'll get my cousins in America to help me by buying it to pickup in store with their name as okay to pick up for you. In and out before you know what hit you, you lazy greedy turd.
Short of catching them and putting them and the torrent etc site owners in jail for life, nothing
The best you can do is curb the ones that has a solveable reason. Like they say they do it cause iTunes only has 480p video or no subtitles/language tracks, the cost, it doesn't come to their country etc.
Could get all ISPs to block all P2P.
Quote:
Originally Posted by Tallest Skil
So how do we change this? What needs done to get these morons back on track?
In the current climate I don't know how you can. If the society can't agree whether truth is relative or not how can you say what is right or wrong? When elected officials are consistently getting away with obvious corruption why should a teenager feel guilty about downloading a few movies? In my opinion piracy won't diminish until either A) Laws are put into place with real teeth (they've tried and there's been huge backlash across Europe in the last year) or
Quote:
Originally Posted by GregInPrague
Probably so, but too late because AI was actually late to this party.
Who really wants to pass their user name and password to Russia? Please people, you're only asking for trouble if you use this hack.
It takes an amazing combination of a sense of entitlement to everything for free and sheer stupidity to re-route your internet traffic through an untrusted Russian server just to save a few bucks.
Yay for "free acces"!
Quote:
Originally Posted by Tallest Skil
Could get all ISPs to block all P2P.
You really think anyone could convince all the ISPs in the world to block such things
Quote:
Originally Posted by Tallest Skil
So how do we change this? What needs done to get these morons back on track?
You say that as though anyone who pirates movies is the scum of the earth. And to be honest, it's one of the lesser problems on the internet. Focus needs to be on serious offences, like paedophilia. Not downloading a movie that's already grossing hundreds of millions of dollars (or software from a multibillion company, like Apple, Microsoft or Adobe).
Quote:
Originally Posted by Tallest Skil
Could get all ISPs to block all P2P.
Impossible. Many services use P2P that aren't torrent sites.
Simple really:
Make it more worthwhile to pay for it than to steal it. Unfortunately, not so simple to implement such a system in a digital era.
With digital content, there is such a disconnect between cause and effect that the gains from honesty are as unrecognisable as the damage done by dishonesty.
The content providers don't help matters by blocking content by region and providing it after long periods of time through exclusive/expensive distribution channels, by implementing restrictive DRM and by using measures to extort money from users via hidden charges.
People wouldn't steal movies quite so much if new movies went straight to Blu-Ray but the movie industry has managed to persuade people that a movie going direct to video/DVD/Blu-Ray means it's a failed movie when in fact, the distribution format means nothing about the quality. It's just that the movie industry knows that controlling the distribution means they can control the profits. Once it goes to retail, their control is gone.
The music industry has embaced DRM-free audio but no such luck with DRM-free video yet. I think this is due to music files being so small that it is hard to have a service where people can find what they want and get consistent quality so iTunes ends up being more worthwhile as it's 99c per song and you can find as much music as you like with quality control. If a movie is $10-15 and only comes on a DRM disc or download and you can't put it on a mobile device easily, paying for it is worse than stealing it.
I think the app issue is a minor one because the App Store works in a similar way to music. Lots of inexpensive content where it's harder to steal than pay for it. If the App Store content is worth paying for, people will generally pay for it. There certainly won't be a significant volume of the 300 million+ users who go out of their way to steal the content.