In-app purchase hack hits iOS devices

Jul 13, 2012
Tech

As reported by Russian blog i-ekb.ru and confirmed by 9to5Mac this morning, hackers have managed to circumvent Apple’s in-app purchase process. The hack appears to originate from a Russian developer named ZonD80 and a video of the exploit can be seen here: The hack doesn’t require your iPhone or iPod to be jailbroken and it […]

As reported by Russian blog i-ekb.ru and confirmed by 9to5Mac this morning, hackers have managed to circumvent Apple’s in-app purchase process.

The hack appears to originate from a Russian developer named ZonD80 and a video of the exploit can be seen here:

The hack doesn’t require your iPhone or iPod to be jailbroken and it apparently works on devices running iOS 3 and upwards. In technical terms, the hack relies on three steps including the installation of CA certificate, the installation of in-appstore.com certificate, and then the changing of DNS records in the device’s Wi-Fi settings.

The vulnerability resembles a similar one that affected the Mac App Store last year, so hopefully Apple will take steps to fix it quickly, or offer a new way for developers to validate the security certificates and make it harder for someone to subvert the in-app purchase process.

In the meantime, ZDNet published an article explaining how developers may be able to protect themselves from the vulnerability in the short term.

Download the Appolicious Android app

READ  Trending - Did Google Copy Twitter?
Search for more

Marty Gabel

Marty is the former Associate Editor for Appolicious and AndroidApps.com. He lives with his wife and infant daughter in Chicago, via London, England, and the San Francisco Bay Area.

You can follow him on Twitter, but he rarely tweets about work. Instead, he'll likely be flaunting his ham-fisted photography or spreading viral videos of silly cats.

    Home Apps Games