Apple is working to block the Russian servers that are allowing users to circumvent iOS in-app purchases and obtain content for free. The Cupertino company reportedly began blocking certain IP addresses over the weekend, and had one server taken down. But despite its efforts, the service continues to work.
Discovered by Russian hacker Alexey V. Borodin, the exploit allowed iOS users to obtain any kind of in-app purchase — including in-game currency and extra content — for free. Borodin’s method could be used by almost anyone, and there was nothing developers could do to prevent it.
Borodin set up the website In-AppStore.com to facilitate the scam, and he revealed to The Next Web that he has already processed over 30,000 payment requests.
However, Apple is now working to block Borodin’s exploit. Before it began blocking his servers, the company issued a takedown request for the original server, which was then taken down by its host in Russia. Since then, Borodin has set up a new one in another country in an effort to avoid Apple’s block.
Borodin tells us that the new service has been updated and cuts out Apple’s servers, “improving” the protocol to include its own authorisation and transaction processes. The new method “can and will not reach the App Store anymore, so the proxy (or caching) feature has been disabled.”
Borodin has also altered his process to force users to sign out of their iTunes accounts before using the service, so that he cannot be accused of stealing their data.
Apple has had Borodin’s original demonstration video blocked on YouTube, and PayPal has blocked all donations to his account. But the hacker has no intention of giving up, and as The Next Web notes, what was originally a simple security exploit has now turned into a game of cat and mouse between Apple and Borodin. What’s interesting, however, is that Borodin claims Apple has not contacted him directly.
It goes without saying that Borodin’s exploit deprives iOS developers of the revenues they would usually collect from these in-app purchases, and is equivalent to stealing paid apps. With that said, we’d advise everyone to steer clear of this service.
Source: The Next Web
5 responses to “Apple Attempts To Block Russian Servers Circumventing iOS In-App Purchases”
“there was nothing developers could do to prevent it.”
Sure there is; in-app receipts.
“What’s interesting, however, is that Borodin claims Apple has not contacted him directly.”
Duh. He said in interviews last week that he wants Apple to offer him a job. Not when he’s damaging his prospective employer.
Err…maybe you want to read more
That’s another matter; hackers do and say that all the time. Apple should have contacted him in regard to this hack, since Borodin obviously knows a thing or two about Apple security loopholes. Whether or not Borodin would cooperate is another story.
Can’t believe it, I thought it was secure
You know how sad this is? They have control over what apps get published on the App Store and come up with all these rules… claiming that making an open source application is like making communism, and STILL people manage to do what they want on their devices.