1. Akshay Masand's Avatar


    Alexey Borodin, the Russian hacker responsible for discovering a system that circumvents in-app purchases, recently confirmed that Apple’s newly-instituted receipt validation system is in fact effective. In a new blog post titled “It’s all over… for now” on his website, Borodin said that there is no way to bypass the new APIs Apple rolled out late last week as a quick fix for the revenue-stealing exploit which was made public earlier.

    The exploit, which validated fraudulent purchases by routing them through a specialized DNS server that spoofed digital receipts, was discovered first for the iOS platform and more recently for Mac apps. Apple responded by blocking the IP addresses associated with Borodin’s workaround and attempted to shut down the DNS servers hosting the receipt validations.

    Apple announced a temporary solution to developers allowing them to plug the hole days later and announced that a permanent fix would be present in the upcoming iOS 6 mobile operating system. Borodin posted the following on his blog:

    Hello everyone.

    By examining last apple's statement about in-app purchases in iOS 6, I can say, that currently game is over. Currently we have no way to bypass updated APIs. It's a good news for everyone, we have updated security in iOS, developers have their air-money.
    But, service will still remain operational until iOS 6 comes out.

    The another thing is for in-appstore for OS X. We still waiting for apple's reaction and we have some cards in the hand. It's good that OS X is open.

    Apple’s solution leverages receipts which carry a “unique identifier” to validate in-app purchases. The previous system just generated generic receipts with no specific user data attached, therefore allowing for easy spoofed validations. As of right now, it isn’t clear what type of unique identifier is being used, although some are speculating that it could be a proprietary system based on UDID data.

    It isn’t much of a surprise to see such a big issue being responded to so quickly, especially given the sheer number of those affected by a loss in revenue due to the exploit. That being said, many do wonder if this will turn into another cat-and-mouse game, although this is definitely one Apple will stay on top of with utmost importance.

    Source: Alexey Borodin (blog)

    Twitter: @AkshayMasand
    2012-07-24 01:11 AM
  2. Mrteacup's Avatar
    Vodka bears!
    2012-07-24 01:23 AM
  3. Artist701's Avatar
    Mod edit: comment removed
    Last edited by i.Annie; 2012-07-24 at 04:44 AM.
    2012-07-24 01:48 AM
  4. romeoz's Avatar
    mod edit, comment removed.
    Last edited by Bo Troxell; 2012-07-24 at 02:40 AM.
    2012-07-24 02:14 AM
  5. dopeyrat's Avatar
    It's not like this is new news....
    Read the forum Rules.
    Last edited by Bo Troxell; 2012-07-24 at 02:41 AM.
    2012-07-24 02:37 AM
  6. xXR3H@NXx.'s Avatar
    Good thing this is over.

    Mod edit: Unnecessary comment removed.
    Last edited by i.Annie; 2012-07-24 at 04:44 AM.
    2012-07-24 03:33 AM
  7. mustard05's Avatar
    HAHA, I feel like I should make a comment that should be edited or modified by the admin. I mean, every other comment has been edited. LOL
    2012-07-24 05:14 AM
  8. Agent929's Avatar
    HAHA, I feel like I should make a comment that should be edited or modified by the admin. I mean, every other comment has been edited. LOL
    Wow way to ruin the article with all the edits lol
    War is my mission. Killing is my ambition.
    2012-07-24 05:18 AM
  9. mustard05's Avatar
    Wow way to ruin the article with all the edits lol
    Just goes to show you, they(admin) can say whatever they like, but us little people will be edited or modified. Haha
    2012-07-24 05:20 AM
  10. Agent929's Avatar
    Just goes to show you, they(admin) can say whatever they like, but us little people will be edited or modified. Haha
    So true lol
    War is my mission. Killing is my ambition.
    2012-07-24 05:29 AM
  11. xXR3H@NXx.'s Avatar
    I said good thing it's over but there is a way to get free iaps
    2012-07-24 05:54 AM
  12. mustard05's Avatar
    I said good thing it's over but there is a way to get free iaps
    That's it? Seriously?
    2012-07-24 05:58 AM
  13. romeoz's Avatar
    I just said this is nothing new....
    Last edited by Bo Troxell; 2012-07-24 at 06:48 AM.
    2012-07-24 06:00 AM
  14. MXCO's Avatar
    I just said this is nothing new.........this site is starting to become a joke...
    +1
    Last edited by Bo Troxell; 2012-07-24 at 06:50 AM.
    "You may say I'm a dreamer, but I'm not"
    2012-07-24 06:07 AM
  15. mustard05's Avatar
    I just said this is nothing new.........this site is starting to become a joke...
    I had a post removed earlier this evening on a different post by the Mods. Oh well…. Just laugh and move on. They obviously are having issues.
    Last edited by Bo Troxell; 2012-07-24 at 06:47 AM.
    2012-07-24 06:09 AM
  16. Hogs4Life's Avatar
    Got what I wanted days ago, so did millions. Suck on that Apple!
    2012-07-24 06:58 AM
  17. mustard05's Avatar
    Got what I wanted days ago, so did millions. Suck on that Apple!
    Why are u here then?? Seriously.
    2012-07-24 07:07 AM
  18. bigray's Avatar
    Why are u here then?? Seriously.
    We are here to get the latest news. I actually didn't know about the inapp purchase hack until I saw it on here and then google found it for me
    2012-07-24 10:30 AM
  19. kyphur's Avatar
    Quick question for anyone who actually used the Russian Hack:

    Are a few free in-app purchases really worth the risk of allowing a hacker access to your iDevice? Seriously, once shut down those "purchases" won't stick as they're not recorded in Apple's system.
    2012-07-24 02:14 PM
  20. xXR3H@NXx.'s Avatar
    That's it? Seriously?
    Yup and it's safe but not all games work but most games and it's a cydia tweak. You wanna know?
    2012-07-24 04:04 PM