Hacker tricks Apple app pay system, posts YouTube how-to

Jul 14, 2012 by Nancy Owano report

(Phys.org) -- Apple’s 2012 Friday the Thirteenth turned memorable for the company yesterday with news outside Apple traveling fast and furious that a hacker was offering instructions on a YouTube video, telling iOS users how to wrest free access to paid iOS app content. The exploit was first posted earlier in the week, but achieved wide attention early Friday, with postings on numerous websites. A Russian hacker found a way to get hold of in-app purchasing power. Using the name ZonD80, he was also, it was learned, running a website In-AppStore.com with everything needed for the hack to work. He said donations were being accepted to support the project and help to keep servers up and running.

The most interesting feature of the new exploit, and the most troubling to some developers, was that it was so easy; no jailbreak was needed. Software developer Alexey V. Borodin aka ZonD80 showed a simple three-step technique for beating Apple’s payment systems by installing a few certificates (CA and appstore.com) and changing the DNS in Wi-Fi settings—basically a matter of installing system certificates and doing a certain Wi-Fi tweak.

The technique included a fake in-app purchase server as well as a custom DNS server. The exploit worked on devices running iOS 3.0 to 6. According to reports, however, the hack did not work in specific regions around the world. The reason suggested is that developers there were using enhanced ways to protect their apps.

The exploit for circumventing Apple’s in-app purchasing system was first flagged by a Russian blog i-ekb.ru. Reacting to their tips, news of the exploit tutorial was soon after reported on the Apple-watching site, 9to5 Mac. The comments were that, since the published instructions were already getting attention, the site decided to carry the story too “as a warning to the Apple developer community.”

By 3 pm yesterday, the hack was getting so popular that the server enabling it buckled under the high demand. Apple, meanwhile, issued a statement.

“The security of the App Store is incredibly important to us and the developer community,” Apple representative Natalie Harrison said. “We take reports of fraudulent activity very seriously and we are investigating.”

Since Apple’s App Store is such a popular storefront for buying mobile apps, the store has also been the most desirable platform for developers trying to make money. The news of such an easy and successful exploit has not gone down well with some developers who would prefer better news, such as how Apple’s purchase system is adequately secure.

Developer Marco Tabini told Macworld that Apple’s approach to receipt validation is flawed.

“The whole point of the [in-app purchase] system and the App Store is that you shouldn’t have to worry about the system,” Tabini said. “Otherwise, what are you giving Apple its 30 percent for?”


User comments : 18


Bowler_4007
3.6 / 5 (7) Jul 14, 2012
you know i can understand devs wanting to make money for their hard work but apple take biscuit with fees and commission, oh and lets not forget the price of their devices, ok few devices measure up but apple is a corporation and can afford to design and build high quality hardware, so what it comes down to is their money grabbing ways which frankly spoils the fun (for me at least), i hope the nexus is a game changer
Eikka
4 / 5 (4) Jul 14, 2012
Otherwise, what are you giving Apple its 30 percent for?


Exactly. Centralised appstores are a big risk, because it represents a one-point-failure that compromises the entire system, and is likely to do so because companies like Apple always try to cut corners for profitability.

Compatibility and common standards is better than walled gardens. Too bad it would mean you get the same apps for Android and IOS, or any other OS without Apple getting a say in the matter.
antialias_physorg
2.4 / 5 (13) Jul 14, 2012
but apple is a corporation and can afford to design and build high quality hardware

But they don't. They really don't. Look at the teardowns of the iPhone, iPad, iMac, iPod or anything else they manufacture. The technical specs are pitiful.

All Apple can do well is build shiny white cases (which costs them next to nothing. But they make the consumer pay 300% more for the stuff that is in there as compared to when you buy it from any other company. They just figured out that it's just looks that count).
Bowler_4007
2.7 / 5 (6) Jul 14, 2012
but apple is a corporation and can afford to design and build high quality hardware

But they don't. They really don't. Look at the teardowns of the iPhone,....(too long to quote)

the specs of other tablets often don't measure up component quality is a different matter, also upon picking up the various tablets you would get the impression that an apple device is more well built and robust than others, i should point that i'm not doing a price to hardware comparison as i implied earlier the price of apple devices is extortionate, but for me thats not the biggest problem as i mentioned they take money from hard working devs i don't know of any other company that does that, meh getting wound up now apple are getting whats coming to them unfortunately they also put devs in the firing line, pisses me off so much...
SteveL
5 / 5 (3) Jul 14, 2012
Apple makes pretty good products, so I've heard. But as Apple has been achieving success in the marketplace the public perception of them as being the underdog fades. Consequently they will become more under attack by hackers like micro$oft products have been for decades. It's no longer hands off because Apple is one of the big boys now.
krundoloss
4.1 / 5 (8) Jul 14, 2012
Apple's products look good, work well and perform well. Why? Same reason that your microwave does, or your tv. Anytime you design hardware for a specific software and design the software for specific hardware, of course it works well! Android has to make their os work with thousands of different devices, while iOS runs on a select few. Basically, by being proprietary, they can make more reliable technology. This does lead to high prices and limited freedom for users......... Choose your poison, proprietary expensive devices that work well and last a long time, or cheaper devices that use software not designed specifically for them, then deal with compatibility, performance and software problems that come with it.
Bowler_4007
3.8 / 5 (4) Jul 14, 2012
Apple's products look good, work well and perform well. Why? Same reason that your microwave does, or your tv. Anytime you design hardware for a specific software and design the software for specific hardware, ... and the rest

windows is reliable (most of the time) and it has to support whole multitude of hardware, android is the same in a lot of respects, now turn your attention to ios, it may be reliable, but if you threw new hardware at it chances are it would cough, wheeze and break down
SatanLover
3.7 / 5 (3) Jul 14, 2012
Apple's products look good, work well and perform well. Why? Same reason that your microwave does, or your tv. Anytime you design hardware for a specific software and design the software for specific hardware, ... and the rest

windows is reliable (most of the time) and it has to support whole multitude of hardware, android is the same in a lot of respects, now turn your attention to ios, it may be reliable, but if you threw new hardware at it chances are it would cough, wheeze and break down

Linux supports a multitude of the hardware windows does.
alfie_null
3 / 5 (2) Jul 15, 2012
It will be interesting to see if developers sue Apple over this. Thinking about that homily on sowing and reaping.
Bowler_4007
3.7 / 5 (3) Jul 15, 2012
Apple's products look good, work well and perform well. Why? Same reason that your microwave does, or your tv. Anytime you design hardware for a specific software and design the software for specific hardware, ... and the rest

windows is reliable (most of the time) and it has to support whole multitude of hardware, android is the same in a lot of respects, now turn your attention to ios, it may be reliable, but if you threw new hardware at it chances are it would cough, wheeze and break down

Linux supports a multitude of the hardware windows does.

my point still stands
antialias_physorg
3.9 / 5 (7) Jul 15, 2012
the specs of other tablets often don't measure up component quality is a different matter

Apple doesn't make most of the components in its products. They buy the same components everybody else uses.
E.g. Apple doesn't make hard drives - but they sell hard drives for their computers for three times what a same size top-of-the-line western digital hard drive costs (WD doesn't make bad HDDs).
Now you can't get much more blatant in ripping off customers than that. And you can bet that they apply similar strategies for all components (probably more so for the ones they DO manufacture because there the user has no alternative).

Apple does make good user interfaces - and it's OK to charge more for that. But the profit margin on their products is just obscene. And anyone saying they are getting their money's worth is a fool...and a fool and his money are parted quickly.
Bowler_4007
5 / 5 (1) Jul 15, 2012
the specs of other tablets often don't measure up component quality is a different matter

Apple doesn't make most of the components in its products. They buy the same components everybody else uses.....too long to quote
i never said apple makes components, whether they buy or build the components they don't seem to be doing all that bad, btw you seem to be arguing with me about something we both agree on, the "price"
antialias_physorg
3.8 / 5 (4) Jul 15, 2012
It's not just the price. When you compare for example the iPad to the (7 years older!) HP TC1100 then you'll see that the older tablet has everything the iPad has and more (faster CPU, more disk space, larger screen, stereo instead of mono sound, VGA out, RJ45 out, Headphone out, USB, and an SD card slot)
The only really saving grace is touch screen vs. pen for the TC 1100. At, of course, a higher price.

Apple has a very good PR department. But if anyone argues that they make good products then they haven't been shopping comparatively but just regurgitating what the ad-machine and the paid bloggers are telling them.
InalienableWrights
5 / 5 (1) Jul 15, 2012
Why didn't you post the hacks? You do know they would be taken down. Thanks a lot for a useless article.
InalienableWrights
5 / 5 (1) Jul 15, 2012
Why didn't you post the hacks? You do know they would be taken down. Thanks a lot for a useless article.

Maybe not I got a translation of the Russian site at Google translate.
El_Nose
5 / 5 (1) Jul 16, 2012
@inalieanable do your own research ---

Why would you post a hack in an article that might make you liable for compensation. It's a risk any editor would not take.

And by the way hacking in this sense is stealing --- and it's stealing while smiling at a camera, leaving your fingerprints on a card for police and giving them your home address.

When you download from the AppStore you leave your ESN - electronic serial number tied to the purchase, this identifies your phone. Which identifies you through your service provider. Who has your billing information. Any dev that prosecutes can subpoena your carrier for such information if they don't give it voluntarily due to the overwhelming evidence you stole the software.

Who cares if the store isn't so secure that you can't steal from it -- if you have to photocopy your driver's licence, birth certificate, and SSN just to enter. If you steal from that point with a camera watching you -- you get what you deserve.

This isn't ripping mp3s
Bowler_4007
5 / 5 (1) Jul 16, 2012
It's not just the price. When you compare for example the iPad to the (7 years older!) HP TC1100 then you'll see that the older tablet has everything the iPad has and more (faster CPU, more disk space, larger screen, stereo instead of mono sound, VGA out, RJ45 out, Headphone out, USB, and an SD card slot)
The only really saving grace is touch screen vs. pen for the TC 1100. At, of course, a higher price.

Apple has a very good PR department. But if anyone argues that they make good products then they haven't been shopping comparatively but just regurgitating what the ad-machine and the paid bloggers are telling them.

all those additions don't cost nothing, especially when some of it was custom designed, i'll look at the price of HP TC1100 later but i'm not expecting it to have been cheap
TheGhostofOtto1923
1.7 / 5 (3) Jul 16, 2012
It's not just the price. When you compare for example the iPad to the (7 years older!) HP TC1100 then you'll see that the older tablet has everything the iPad has and more (faster CPU, more disk space, larger screen, stereo instead of mono sound, VGA out, RJ45 out, Headphone out, USB, and an SD card slot)
The only really saving grace is touch screen vs. pen for the TC 1100. At, of course, a higher price.
"Its OS what counts. Also you forgot 3G, Bluetooth, WiFi version, RAM memory, thickness, ppi resolution, multitouch (because that HP tablet has no multi-touch), accelerometer, coolness, apps, media formats and other stuff which is truly important."
http://www.blamei...100.html

Also weight and battery life, ergonomics...