In-app purchase hack hits iOS devices

As reported by Russian blog i-ekb.ru and confirmed by 9to5Mac this morning, hackers have managed to circumvent Apple’s in-app purchase process.

The hack appears to originate from a Russian developer named ZonD80 and a video of the exploit can be seen here:

The hack doesn’t require your iPhone or iPod to be jailbroken and it apparently works on devices running iOS 3 and upwards. In technical terms, the hack relies on three steps including the installation of CA certificate, the installation of in-appstore.com certificate, and then the changing of DNS record in the device’s Wi-Fi settings.

The vulnerability resembles a similar one that affected the Mac App Store last year, so hopefully Apple will take steps to fix it quickly, or offer a new way for developers to validate the security certificates and make it harder for someone to subvert the in-app purchase process.

In the meantime, ZDNet published an article explaining how developers may be able to protect themselves from the vulnerability in the short term.

Download the Appolicious Android app

Views: 0

You can skip to the end and leave a response. Pinging is currently not allowed.

Leave a Reply

Powered by WordPress | Designed by: Premium WordPress Themes | Thanks to Themes Gallery, Bromoney and Wordpress Themes