Russian Hacker Bypasses iOS Microtransactions

The iOS in-app purchase system has been hacked, and Apple isn't sure what to do about it.

Last Friday Apple's iOS store was faced with its worst nightmare: a hacker who'd discovered a way to bypass its in-app purchasing system. The hacker in question, Russian Alexey Borodin, was allowing Apple's customers to download premium app store content for free. Although Apple took steps, forcing Borodin to change his IP and abandon PayPal as a means of getting payment for his service, the hacker is still out there and Apple currently has no way to cut him off.

Borodin's hack allows users to bypass the in-app purchase system used by so-called "free" apps, so that they can download app content while avoiding the iOS payment system. "Why must pay for content [sic]," Borodin argued in a video release since pulled from YouTube, "I think, you must not." In a separate message to Macworld, Borodin claimed to be a hobbyist who has a grudge against developers who promote free games that then nickel-and-dime the customer. Though Borodin was using PayPal as a means of collecting donations, he told Macworld he's just as happy for people to use it free of charge.

The hack means that payments which would normally be authorized by the Apple store now get their content via Russian servers. This system doesn't work on all in-app purchases; those authorized by the developer, not by Apple, are secure against the Borodin hack. However, many developers validate via Apple because doing it themselves would mean running their own server, and that can get both complicated and expensive.

Apple currently has no means of defending itself against Borodin, so the 30% cut that developers have to give it to use the service isn't buying developers the security they need. Even Borodin's customers have no way of defending against the hack, since in order to make use of Borodin's service they have to give his servers access to their Apple ID and password. If Borodin is the hobbyist he claims to be, perhaps there is no risk; if not, Apple isn't the only one who may find themselves out of pocket this time out.

Apple has yet to say whether or not developers affected by this hack will be compensated for their losses.

Sources: Guardian, Macworld

And they say Apple products don't get hacked... Poppycock.

One word: Bwahahahah!

If this is what it takes for Apple to take security seriously, then So-vi-et.

This is genius. I really do hope that these people don't get their money or whatever stolen, but I honestly don't even care about Apple. The situation is too funny.

Krat Arona:
And they say Apple products don't get hacked... Poppycock.

The only people who say that are fanboys and idiots :P

DVS BSTrD:
If this is what it takes for Apple to take security seriously, then So-vi-et.

I CCCP what you did there.

EDIT - fudged my own pun -.-

"Why must pay for content [sic]," Borodin argued in a video release since pulled from YouTube, "I think, you must not."

Communism is alive and well in good old mother Russia. Prepare for the Red Dawn!

And Apple has no way to counter this? Well, my day sure got a brighter turn!

Why doesn't Apple just sue for copyright/patent infringement.....oh wait...

From Russia with love, fight the power.

Good to see those corporate filth who brag about how they actually fleece customers for even more using microtransactions than they did with single state payments get slapped around for a change. Those scum forget that contempt goes both ways.

Time to get ALL THE SMURFBERRIES.

This guy is a criminal scum who is breaking the law and must face the ... oh wait, it's Apple? Go right ahead!

Karloff:
Even Borodin's customers have no way of defending against the hack, since in order to make use of Borodin's service they have to give his servers access to their Apple ID and password. If Borodin is the hobbyist he claims to be perhaps there is no risk; if not, Apple isn't the only one who may find themselves out of pocket this time out.

Oh boy. This'll end well for all involved, I'm sure.

I support this man! Take ALL MY MONEY!

I can't wait to shove this in the face of some Apple Fanboy who tries to convince me Apple is un-hackable

Because cheating companies out of money is perfectly ok if they're cool to bash!

Well deserved justice, about time crapple finally had their asses handed to them, I guess they hate the competition when it comes to stealing software. Why don't they just sue him like the rest of their competition? Lol

Krat Arona:
And they say Apple products don't get hacked... Poppycock.

Quiet Stranger:
I can't wait to shove this in the face of some Apple Fanboy who tries to convince me Apple is un-hackable

Isn't the claim that other people can't hack your device, not that you can't hack your own? Because, geez, we've known people can do that for years. It's called jailbreaking, and nobody but Apple objects to it being doable.

I just read this article, and it seems I agree with this guy's reasoning, not his actions. Yes, it is shady that everything seems to be based on "micro-transactions" now. I understand why developers do this: They try to mitigate production costs while giving consumers more choices. I'm OK with that. I just also feel that it is disingenuous to state something as "free," when it is really gimped, and the only way to get a full experience is to "nickel-and-dime" the consumer.

Perhaps Apple, and others, should list the real, total price of software. Total prices spent might seem higher, but in actuality, people would be spending the same amount (they would spend otherwise through micro-transactions) all at once, instead of over time. It might make people feel less ripped-off. Apparently, that was the driving force behind this Russian hacker.

Steve the Pocket:

Krat Arona:
And they say Apple products don't get hacked... Poppycock.

Quiet Stranger:
I can't wait to shove this in the face of some Apple Fanboy who tries to convince me Apple is un-hackable

Isn't the claim that other people can't hack your device, not that you can't hack your own? Because, geez, we've known people can do that for years. It's called jailbreaking, and nobody but Apple objects to it being doable.

Only a mindless iSheep Apple Nazi would dare question an anti-Apple argument! Start hating them like a good little anti-conformist!

While I have no such love of freemium stuff, his actions are utterly reprehensible.

Sure some of the "nickel and dime" devs may lose out, but I'd argue that legit devs would be the ones that stand to take real harm.

As for the people claiming that the price should be stated upright, the current system is basically a single app version of a lite/full model.
Generally they do state what the limitations are and what you gain by paying for it.

In modern Russia, premium features unlock you.

Aeshi:
Because cheating companies out of money is perfectly ok if they're cool to bash!

Exactly. And it's not just Apple who are suffering, it's the developers (most of whom are small, one-person outfits) that are getting deprived of their deserved money. It's disgraceful.

This guy is a grade-A prick for making this information public.

I'm not invested one way or another but I am interested to see how this plays out.

Well shit. And I honestly thought that Apple'd be more secure than this. Guess I was wrong, well nothing much anyone can do about it now. Suppose that's what we get for having precarious infrastructures like this, if anything goes wrong it goes REALLY REALLY fucking wrong.
Oh, and I'll be interested to see what happens to the price of Apple's shares as a result of this, can't imagine it'll be anything good.

I misread the headline as Russian hooker.
Needless to say the article was not what I pictured.

Aeshi:

Steve the Pocket:

Krat Arona:
And they say Apple products don't get hacked... Poppycock.

Quiet Stranger:
I can't wait to shove this in the face of some Apple Fanboy who tries to convince me Apple is un-hackable

Isn't the claim that other people can't hack your device, not that you can't hack your own? Because, geez, we've known people can do that for years. It's called jailbreaking, and nobody but Apple objects to it being doable.

Only a mindless iSheep Apple Nazi would dare question an anti-Apple argument! Start hating them like a good little anti-conformist!

So, I'm guessing you've had some bad experiences.

OP: I'm laughing purely because I love seeing big companies get stumped at the act of one person. It was funny when it happened to MS, it's funny now that it's happening to Apple.

 
