Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple Fighting Back Against In App Purchase Hack, But Service Still Operational

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,627
31,011



in_app_purchase_icon.jpg


Late last week, we reported on the launch of a new method to allow App Store users to bypass Apple's In App Purchase mechanism and receive additional content free of charge. At the time, we noted that use of the method involved theft of content from developers and exposed iOS device users to dangers as their account and device information was being routed to servers under the control of the Russian hacker running the service, but we felt that reporting on the issue to bring it to light was the responsible thing to do in order to alert developers to the issue and perhaps spur Apple into action.

The Next Web now follows up with a report outlining some of the steps Apple has been taking to combat the issue, including issuing a copyright claim to have the original video showing the hack in action pulled from YouTube.
Over the weekend, Apple began blocking the IP address of the server used by Russian hacker Alexey V. Borodin to authenticate purchases.

It followed this up with a takedown request on the original server, taking down third-party authentication with it, also issuing a copyright claim on the overview video Borodin used to document the circumvention method. PayPal also got involved, placing a block on the original donation account for violating its terms of service.
Click to expand...
The hacker, Alexey Borodin, remains committed to the service and has been working to skirt around the roadblocks being thrown up by Apple, in part by moving the service to a server in another country, but it is clear that Apple is working on the issue and addressing it through multiple routes in order to improve the security of In App Purchase content. For now, however, the service remains operational.

Article Link: Apple Fighting Back Against In App Purchase Hack, But Service Still Operational
 
Article Link
https://www.macrumors.com/2012/07/16/apple-fighting-back-against-in-app-purchase-hack-but-service-still-operational/
sweetbrat

sweetbrat

macrumors 65816
Jun 17, 2009
1,443
1
Redford, MI
Mad Mac Maniac said:
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.
Click to expand...

If someone wants to steal, they'll find some way to do it. I don't think it's fair to blame the news sites for posting this. It's relevant to the MacRumors community because it involves a security issue. I think it's actually helpful that places are posting it, provided they're also telling people why it's insanely stupid to use this hack. It might actually discourage some people from trying it.
 
H

haincha

macrumors member
Mar 16, 2012
85
161
Any person with a jailbreak can get this same thing, without having to send your info through a rogue server. If you're non jailbroken and attempt this, you deserve any penalty that could be handed out. I know devs have a way of checking if you have legitimately purchased their app, same thing can apply. Or do like that FPS game did for PS3, pirates get an unkillable mob that just rages until you're dead.
 
gnasher729

gnasher729

Suspended
Nov 25, 2005
17,980
5,565
From the article:
Borodin also notes that Apple has not contacted him over the issue.
Click to expand...
Of course Apple would not contact _him_. They would be contacting the police where he lives.
 
W

writingdevil

macrumors 6502
Feb 11, 2010
254
32
Mad Mac Maniac said:
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.
Click to expand...

Agreed. And they not only reported, in detail, about it, but posted a video showing exactly how to execute it. Several people commented on the risk of doing this and, of course, got "grow up" feedback from others who seemed to enjoy the opportunity for theft.

i'm not a developer and couldn't be if I wanted to as I just don't have the skill set to program day in and day out. But it makes me wonder, if the people who do hack, who enjoy "breaking and entering, theft of product" would, if given the means, break into a store and take merchandise, knowing they wouldn't get caught? I work in film and every illegal download of media may not represent a purchase that would have been made since some people wouldn't pay if that were the only way to get the product, but it reduces the pool from which we get paid. The same could apply to any product or service, but somehow the theft of media and certainly the current hacking craze means a lot of ordinary "law abiding" users don't mind a little theft,once in a while. Even more weird is the logic "if they didn't charge so much, then I wouldn't steal." That's the gangbangers mantra. Maybe it's moving mainstream?
 
Mad Mac Maniac

Mad Mac Maniac

macrumors 601
Oct 4, 2007
4,802
2,109
A little bit of here and a little bit of there.
sweetbrat said:
If someone wants to steal, they'll find some way to do it.
Click to expand...

You mean like how people have been stealing from the app store for the past 4 years? :rolleyes:

It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and its possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.
 
nagromme

nagromme

macrumors G5
May 2, 2002
12,546
1,196
haincha said:
Any person with a jailbreak can get this same thing, without having to send your info through a rogue server. If you're non jailbroken and attempt this, you deserve any penalty that could be handed out. I know devs have a way of checking if you have legitimately purchased their app, same thing can apply. Or do like that FPS game did for PS3, pirates get an unkillable mob that just rages until you're dead.
Click to expand...

If you ARE jailbroken and attempt this, you still deserve punishment. Stealing from developers’ hard work is what gives jailbreaking a bad name.
 
dynamojoe

dynamojoe

macrumors regular
Mar 31, 2011
215
472
Miami, FL
I think the best way for Apple to stop this would be to start emailing all the thieves receipts and charging their credit cards, or just cancelling their iTunes accounts.
 
A

aamirshah

macrumors newbie
Jul 14, 2012
7
0
wow this is sure very bad news for apple. how do they hack such a secure systems, i remember few months ago hackers hacked psn network and caused sony millions.
 
xraydoc

xraydoc

Contributor
Oct 9, 2005
10,799
5,261
192.168.1.1
Mad Mac Maniac said:
You mean like how people have been stealing from the app store for the past 4 years? :rolleyes:

It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and its possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.
Click to expand...

Karma's a bitch.
 
W

writingdevil

macrumors 6502
Feb 11, 2010
254
32
sweetbrat said:
... I think it's actually helpful that places are posting it, provided they're also telling people why it's insanely stupid to use this hack. It might actually discourage some people from trying it.
Click to expand...

This kind of reasoning totally escapes, at least for me, any form of logic one subscribes to. "Let's show people, specifically and in detail, how to X, it will certainly discourage people from doing X. ?????????????
 
PBG4 Dude

PBG4 Dude

macrumors 601
Jul 6, 2007
4,275
4,501
Mad Mac Maniac said:
You mean like how people have been stealing from the app store for the past 4 years? :rolleyes:

It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and its possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.
Click to expand...

If the thought of giving someone the credentials to your iTunes account (and all the power that entails) in order to save a buck doesn't deter you from pirating (again, over chump change), then you deserve all the ID theft coming your way.

Honestly, you're using an at least $200 device (iPod touch) in order to steal relatively pennies' worth of goods. Yay.
 
blucable

blucable

macrumors regular
Jul 16, 2012
121
29
Mad Mac Maniac said:
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.
Click to expand...

I think you are the only one. It's good that they post this, I mean, if it was like Windows stuff, the OS costs $350, that is a ridiculous price for something you can only use in one computer, if you use it more than 3 times in one computer you are screwed, you need to buy a new license. At this point I would go and pirate the crap out of that windows.

In apple's case tho, I mean for real? you are going to crack $0.99 apps? it is totally ridiculous, even the Lion upgrade which I bought 2 days ago for $29.99 that is quite an affordable price, and you get a top quality OS or apps. Customers who pay for their stuff are the ones that allow apple to keep developing better applications and OS, come on, they dont get paid, there's poor or no development at all. Isn't that encouraging enough to go pay for the software you get?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom