A hack that lets iOS users trick the App Store into giving them in-app purchases for
free has gone public, potentially costing app makers revenue and causing Apple
a major headache.
The exploit was first posted Wednesday, but came into prominence early Friday,
after it was publicized by several websites. (In fact, the hack has proven so
popular that the server allowing it is down as of this writing due to
overwhelming demand.)
Alexey V. Borodin of Russia built the in-app purchase hack, which requires several
steps—including installing bogus certificates on your device, and using a
specially-crafted DNS server. Those ingredients combine to fool apps into
believing that they’re communicating with the App Store, when they’re actually
going to a Web server that pretends to be the App Store instead.
For iDevice owners, the barriers to taking advantage of the flaw aren't so high.
According to Borodin, users must only install two special security certificates
and make purchases over Wi-Fi with modified DNS settings. Borodin told The Next
Web last week that at that time, more than 30,000 in-app "purchases"
had been made through his service.
Behind the hack
To understand the hack, it’s important to learn a bit about how in-app purchases
work. When a customer completes an in-app purchase, Apple sends the app back a
bit of data. The app is then meant to ping Apple’s servers directly, in
real-time, to confirm the validity of that receipt.
Implications
The fact that Borodin’s hack exploits an apparent weakness with Apple’s system is
unlikely to sit well with app makers. “The whole point of the [in-app purchase]
system and the App Store is that you shouldn’t have to worry about the system,”
Tabini said. “Otherwise, what are you giving Apple its 30 percent for?”
Reference:
http://news.cnet.com/8301-1009_3-57472983-83/apple-fights-back-at-in-app-freebie-exploit/


