Apple Attempts To Block Russian Servers Circumventing iOS In-App Purchases

The hacker circumventing in-app purchases like these is Apple’s latest target.

Apple is working to block the Russian servers that are allowing users to circumvent iOS in-app purchases and obtain content for free. The Cupertino company reportedly began blocking certain IP addresses over the weekend, and had one server taken down. But despite its efforts, the service continues to work.

Discovered by Russian hacker Alexey V. Borodin, the exploit allowed iOS users to obtain any kind of in-app purchase — including in-game currency and extra content — for free. Borodin’s method could be used by almost anyone, and there was nothing developers could do to prevent it.

Borodin set up the website In-AppStore.com to facilitate the scam, and he revealed to The Next Web that he has already processed over 30,000 payment requests.

However, Apple is now working to block Borodin’s exploit. Before it began blocking his servers, the company issued a takedown request on the original server, and this was taken down by the host located in Russia. Since then, however, Borodin has set up a new one in another country in an effort to avoid Apple’s block.

Borodin tells us that the new service has been updated and cuts out Apple’s servers, “improving” the protocol to include its own authorisation and transaction processes. The new method “can and will not reach the App Store anymore, so the proxy (or caching) feature has been disabled.”

Borodin has also altered his process to force users to sign out of their iTunes accounts before using the service, so that he cannot be accused of stealing their data.

Apple has had Borodin’s original demonstration video blocked on YouTube, and PayPal has blocked all donations to his account. But the hacker has no intention of giving up, and as The Next Web notes, what was originally a simple security exploit has now turned into a game of cat and mouse between Apple and Borodin. What’s interesting, however, is that Borodin claims Apple has not contacted him directly.

It goes without saying that Borodin’s exploit deprives iOS developers of the revenues they would usually collect from these in-app purchases, and is equal to stealing paid apps. With that said, we’d advise anyone to steer clear of this service.

  • SulaymanF

    “there was nothing developers could do to prevent it.”
    Sure there is; in-app receipts.

  • SulaymanF

    “What’s interesting, however, is that Borodin claims Apple has not contacted him directly.”

    Duh. He said in interviews last week that he wants Apple to offer him a job. Not when he’s damaging his prospective employer.

  • Matt Norad

    Sure there is; in-app receipts.

    Err…maybe you want to read more

    Duh. He said in interviews last week that he wants Apple to offer him a job. Not when he’s damaging his prospective employer.

    That’s another matter; hackers do and say that all the time. Apple should have contacted him in regard to this hack, since Borodin obviously knows a thing or two about Apple security loopholes. Whether or not Borodin cooperates is another story.

  • Vazovski

    Can’t believe, I thought it was secure

  • joedoe47

    you know how sad this is? they have control over what apps get published on the app store and come up with all these rules… claiming that making an open source application is like making communism and STILL people manage to do what they want on their devices.

About the author

Killian Bell is a freelance writer based in the UK. He has an interest in all things tech, but most enjoys covering Apple, anything mobile, and gaming. You can follow him on Twitter via @killianbell, or through his website.
