Monday, July 16, 2012, 01:02 pm

Apple takes steps to block iOS in-app purchase hack

By Katie Marsal

Apple has enacted measures to block a hack that can allow users to obtain in-app purchases through the iOS App store for free.

The IP addresses used by a Russian hacker for the exploit were blocked over the weekend, according to The Next Web. Apple also reportedly issued a takedown request against the servers used, and issued a copyright claim to remove the YouTube video that showed users how to utilize the exploit.

In addition, PayPal issued a block on hacker Alexey V. Borodin's account, preventing him from collecting donations for violating its terms of service.

The hack, which entails installing forged digital certificates onto an iOS device and connecting to a unique DNS server, was first publicized last week. Apple quickly issued a statement to say it was investigating the matter, adding that the company takes "reports of fraudulent activity very seriously."

Prior to Apple's takedown efforts, Borodin claimed that his method had already been used to process more than 30,000 illegal in-app payment requests. However, the hack has not been completely quashed, as Borodin continues to find ways to keep the exploit alive.


Apple's current methods to block the hack are likely a short-term fix. Developers believe a more permanent solution would be easy for Apple to create, though it would likely require a software update for iPhone and iPad users.

Apple first introduced in-app purchases with the release of iOS 3.0 in 2009. The feature was initially limited to paid applications, but was made available to free apps later that year. Apple takes a 30 percent cut of revenue generated from in-app purchases.