Sloppy coding in some popular iOS games allows hackers to give themselves and others thousands of dollars’ worth of in-app purchases for free.
The hole was discovered by developers at DigiDNA, creator of a backup tool called iMazing that allows iPhone and iPad users to access their devices’ hidden file systems. The developers found that the app backup/restore feature in iMazing 1.3 exposes weaknesses in the way games like Angry Birds 2 and Tetris Free handle in-app purchases.
To demonstrate how easy it is to hack in-app purchases using this method, the DigiDNA team tweaked Angry Birds 2 to start the game with 999,999,999 gems — the equivalent of $10,000 of in-game credits.
SAN FRANCISCO — Victor Broido has an enviable lifestyle. He lives and works 200 yards from a sun-kissed beach. He often kitesurfs before work. Sometimes he surfs during work.
“It was my dream, as a kid, to surf for an hour before going to the office,” Broido said. “That’s my life. It’s happening right now.”
You might want to punch Broido in the face upon hearing this, but he’s the nicest, most self-deprecating guy. You can’t begrudge him anything. Plus, he worked to attain this way of life.
Broido and his colleagues run DigiDNA, an eight-person company based in Geneva, Switzerland, with a satellite office in Geraldton, a small city in remote Western Australia with a reputation for world-class water sports.
DigiDNA is one of thousands of small, independent software developers spawned by the mobile revolution. In 2013, Apple’s App Store revenues topped $10 billion, and a lot of that money flowed to small startups. There are small indies in every category, from games to databases. Lots of them flocked to San Francisco last week for Apple’s annual Worldwide Developers Conference. DigiDNA was a gold sponsor of last week’s AltConf, the alternative conference that ran parallel to Apple’s event. (DigiDNA has also sponsored Cult of Mac’s Cultcast in the past.)