Apple takes steps to block iOS in-app purchase hack


Apple has enacted measures to block a hack that can allow users to obtain in-app purchases through the iOS App Store for free.

The IP addresses used by a Russian hacker for the exploit were blocked over the weekend, according to The Next Web. Apple also reportedly issued a takedown request against the servers used, and issued a copyright claim to remove the YouTube video that showed users how to utilize the exploit.

In addition, PayPal blocked hacker Alexey V. Borodin's account for violating its terms of service, preventing him from collecting donations.

The hack, which entails installing forged digital certificates onto an iOS device and connecting to a unique DNS server, was first publicized last week. Apple quickly issued a statement to say it was investigating the matter, adding that the company takes "reports of fraudulent activity very seriously."

Prior to Apple's takedown efforts, Borodin claimed that his method had already been used to process more than 30,000 illegal in-app payment requests. However, the hack has not been completely quashed, as Borodin continues to find ways to keep the exploit alive.

Screenshot of Borodin's in-app purchasing workaround being used on CSR Racing. | ZonD80's YouTube channel

Apple's current methods to block the hack are likely a short-term fix. Developers believe a more permanent solution would be easy for Apple to create, though it would likely require a software update for iPhone and iPad users.

Apple first introduced in-app purchases with the release of iOS 3.0 in 2009. The feature was initially limited to paid applications, but was made available to free apps later that year. Apple takes a 30 percent cut of revenue generated from in-app purchases.