Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Jul 16, 2012, 10:02 AM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Apple Fighting Back Against In App Purchase Hack, But Service Still Operational






Late last week, we reported on the launch of a new method to allow App Store users to bypass Apple's In App Purchase mechanism and receive additional content free of charge. At the time, we noted that use of the method involved theft of content from developers and exposed iOS device users to dangers as their account and device information was being routed to servers under the control of the Russian hacker running the service, but we felt that reporting on the issue to bring it to light was the responsible thing to do in order to alert developers to the issue and perhaps spur Apple into action.

The Next Web now follows up with a report outlining some of the steps Apple has been taking to combat the issue, including issuing a copyright claim to have the original video showing the hack in action pulled from YouTube.
Quote:
Over the weekend, Apple began blocking the IP address of the server used by Russian hacker Alexey V. Borodin to authenticate purchases.

It followed this up with a takedown request on the original server, taking down third-party authentication with it, also issuing a copyright claim on the overview video Borodin used to document the circumvention method. PayPal also got involved, placing a block on the original donation account for violating its terms of service.
The hacker, Alexey Borodin, remains committed to the service and has been working to skirt around the roadblocks being thrown up by Apple, in part by moving the service to a server in another country, but it is clear that Apple is working on the issue and addressing it through multiple routes in order to improve the security of In App Purchase content. For now, however, the service remains operational.

Article Link: Apple Fighting Back Against In App Purchase Hack, But Service Still Operational
MacRumors is offline   0 Reply With Quote
Old Jul 16, 2012, 10:06 AM   #2
thelink
macrumors regular
 
Join Date: Jun 2012
Leave it to Apple to take away someone's fun....
thelink is offline   14 Reply With Quote
Old Jul 16, 2012, 10:06 AM   #3
Shrink
macrumors Demi-God
 
Shrink's Avatar
 
Join Date: Feb 2011
Location: New England, USA
Ripping off the devs....putz!
__________________
Two things are infinite, the universe and human stupidity; and I'm not sure about the universe. -- Albert Einstein
Shrink is offline   18 Reply With Quote
Old Jul 16, 2012, 10:07 AM   #4
madrag
macrumors 6502
 
Join Date: Nov 2007
It's like a tick, very hard to catch...
madrag is offline   1 Reply With Quote
Old Jul 16, 2012, 10:09 AM   #5
Mad Mac Maniac
macrumors 68040
 
Mad Mac Maniac's Avatar
 
Join Date: Oct 2007
Location: A little bit of here and a little bit of there.
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.
__________________
Now I have a Signature!
iPod owner since 2006 | Mac owner since 2007
iPhone owner since 2008 | iPad owner since 2011
Apple TV owner since 2012 | Apple Watch owner since 2016 (anticipated)
Mad Mac Maniac is offline   14 Reply With Quote
Old Jul 16, 2012, 10:10 AM   #6
aristotle
macrumors 68000
 
Join Date: Mar 2007
Location: Canada
I feel sorry for Alexey Borodin. He has no moral centre.
__________________
15" Retina MBP, 2.7 Ghz Quad Core i7, 16 GB RAM, 768 GB SSD (10.9.2)
24" iMac, 2.8 GHz, 4GB RAM, 320 GB HD; 128 GB iPad Air LTE (iOS 7.0.4); 64 GB iPhone 5S (iOS 7.1.1)
aristotle is offline   14 Reply With Quote
Old Jul 16, 2012, 10:13 AM   #7
JGowan
macrumors 68000
 
JGowan's Avatar
 
Join Date: Jan 2003
Quote:
Originally Posted by madrag View Post
It's like a tick, very hard to catch...
I think you mean "flea". Fleas are super fast jumpers. On the other hand, Ticks either crawl very slowly on you or are attached, sucking on you (or your pet.)
__________________
JGowan
So it kinda just comes down to... what do you want to be looking at all day long? - Steve Jobs on the Retina Display of iPhone 4
JGowan is offline   2 Reply With Quote
Old Jul 16, 2012, 10:16 AM   #8
sweetbrat
macrumors 65816
 
sweetbrat's Avatar
 
Join Date: Jun 2009
Location: Redford, MI
Quote:
Originally Posted by Mad Mac Maniac View Post
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.
If someone wants to steal, they'll find some way to do it. I don't think it's fair to blame the news sites for posting this. It's relevant to the MacRumors community because it involves a security issue. I think it's actually helpful that places are posting it, provided they're also telling people why it's insanely stupid to use this hack. It might actually discourage some people from trying it.
__________________
15" MacBook Pro 2.2GHz i7, Crucial M4 SSD (Early 2011); 15" MacBook Pro (late 2008); Mac Pro 1,1 2.66GHz Dual-Core Xeon; 32GB iPad Mini; iPhone 4S 32GB; 6th gen iPod Nano
sweetbrat is offline   5 Reply With Quote
Old Jul 16, 2012, 10:16 AM   #9
haincha
macrumors newbie
 
Join Date: Mar 2012
Any person with a jailbreak can get this same thing, without having to send your info through a rogue server. If you're non jailbroken and attempt this, you deserve any penalty that could be handed out. I know devs have a way of checking if you have legitimately purchased their app, same thing can apply. Or do like that FPS game did for PS3, pirates get an unkillable mob that just rages until you're dead.
haincha is offline   3 Reply With Quote
Old Jul 16, 2012, 10:17 AM   #10
LastLine
macrumors 65816
 
Join Date: Aug 2005
Quote:
Originally Posted by thelink View Post
Leave it to Apple to take away someone's fun....
You realise this isn't 'someone's fun' - it's theft, that affects developers income.
LastLine is offline   18 Reply With Quote
Old Jul 16, 2012, 10:17 AM   #11
bartonlynch
macrumors regular
 
Join Date: Jun 2009
Location: Kentucky, USA
Quote:
Originally Posted by thelink View Post
Leave it to Apple to take away someone's fun....
Leave it to hackers to steal from people who worked hard on their products
__________________
Mid 2012 MacBook Air 13"
White iPhone 5
bartonlynch is offline   21 Reply With Quote
Old Jul 16, 2012, 10:19 AM   #12
DisMyMac
macrumors 65816
 
DisMyMac's Avatar
 
Join Date: Sep 2009
All the Napster thieves suddenly grow up....
DisMyMac is offline   2 Reply With Quote
Old Jul 16, 2012, 10:20 AM   #13
gnasher729
macrumors G5
 
gnasher729's Avatar
 
Join Date: Nov 2005
From the article:
Quote:
Borodin also notes that Apple has not contacted him over the issue.
Of course Apple would not contact _him_. They would be contacting the police where he lives.
gnasher729 is online now   7 Reply With Quote
Old Jul 16, 2012, 10:21 AM   #14
Glideslope
macrumors 68030
 
Glideslope's Avatar
 
Join Date: Dec 2007
Location: NY
Quote:
Originally Posted by madrag View Post
It's like a tick, very hard to catch...
Just kill the host body.
__________________
" A leader leads by example. Not by force." Sun Tzu
Glideslope is offline   3 Reply With Quote
Old Jul 16, 2012, 10:22 AM   #15
Uncle Ruckus
macrumors newbie
 
Join Date: Jul 2012
I think what he doing is wrong but who am I to say.

Uncle Ruckus no relations
Uncle Ruckus is offline   1 Reply With Quote
Old Jul 16, 2012, 10:22 AM   #16
writingdevil
macrumors regular
 
Join Date: Feb 2010
Quote:
Originally Posted by Mad Mac Maniac View Post
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.
Agreed. And they not only reported, in detail, about it, but posted a video showing exactly how to execute it. Several people commented on the risk of doing this and, of course, got "grow up" feedback from others who seemed to enjoy the opportunity for theft.

i'm not a developer and couldn't be if I wanted to as I just don't have the skill set to program day in and day out. But it makes me wonder, if the people who do hack, who enjoy "breaking and entering, theft of product" would, if given the means, break into a store and take merchandise, knowing they wouldn't get caught? I work in film and every illegal download of media may not represent a purchase that would have been made since some people wouldn't pay if that were the only way to get the product, but it reduces the pool from which we get paid. The same could apply to any product or service, but somehow the theft of media and certainly the current hacking craze means a lot of ordinary "law abiding" users don't mind a little theft,once in a while. Even more weird is the logic "if they didn't charge so much, then I wouldn't steal." That's the gangbangers mantra. Maybe it's moving mainstream?
writingdevil is offline   2 Reply With Quote
Old Jul 16, 2012, 10:22 AM   #17
Mad Mac Maniac
macrumors 68040
 
Mad Mac Maniac's Avatar
 
Join Date: Oct 2007
Location: A little bit of here and a little bit of there.
Quote:
Originally Posted by sweetbrat View Post
If someone wants to steal, they'll find some way to do it.
You mean like how people have been stealing from the app store for the past 4 years?

It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and its possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.
__________________
Now I have a Signature!
iPod owner since 2006 | Mac owner since 2007
iPhone owner since 2008 | iPad owner since 2011
Apple TV owner since 2012 | Apple Watch owner since 2016 (anticipated)
Mad Mac Maniac is offline   2 Reply With Quote
Old Jul 16, 2012, 10:23 AM   #18
Glideslope
macrumors 68030
 
Glideslope's Avatar
 
Join Date: Dec 2007
Location: NY
Quote:
Originally Posted by DisMyMac View Post
All the Napster thieves suddenly grow up....
Scary thought.
__________________
" A leader leads by example. Not by force." Sun Tzu
Glideslope is offline   0 Reply With Quote
Old Jul 16, 2012, 10:24 AM   #19
nagromme
macrumors G4
 
nagromme's Avatar
 
Join Date: May 2002
Quote:
Originally Posted by haincha View Post
Any person with a jailbreak can get this same thing, without having to send your info through a rogue server. If you're non jailbroken and attempt this, you deserve any penalty that could be handed out. I know devs have a way of checking if you have legitimately purchased their app, same thing can apply. Or do like that FPS game did for PS3, pirates get an unkillable mob that just rages until you're dead.
If you ARE jailbroken and attempt this, you still deserve punishment. Stealing from developers’ hard work is what gives jailbreaking a bad name.
nagromme is offline   9 Reply With Quote
Old Jul 16, 2012, 10:25 AM   #20
dynamojoe
macrumors member
 
Join Date: Mar 2011
I think the best way for Apple to stop this would be to start emailing all the thieves receipts and charging their credit cards, or just cancelling their iTunes accounts.
dynamojoe is offline   1 Reply With Quote
Old Jul 16, 2012, 10:27 AM   #21
aamirshah
macrumors newbie
 
Join Date: Jul 2012
wow this is sure very bad news for apple. how do they hack such a secure systems, i remember few months ago hackers hacked psn network and caused sony millions.
__________________
aamirshah is offline   1 Reply With Quote
Old Jul 16, 2012, 10:27 AM   #22
xraydoc
macrumors Demi-God
 
xraydoc's Avatar
 
Join Date: Oct 2005
Location: 192.168.1.1
Quote:
Originally Posted by Mad Mac Maniac View Post
You mean like how people have been stealing from the app store for the past 4 years?

It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and its possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.
Karma's a bitch.
__________________
3.5GHz i7 27" iMac • Surface Pro 3 i5 • 2.5GHz i5 Mac mini + 27" Thunderbolt display • iPhone 6 Plus
xraydoc is offline   0 Reply With Quote
Old Jul 16, 2012, 10:28 AM   #23
writingdevil
macrumors regular
 
Join Date: Feb 2010
Quote:
Originally Posted by sweetbrat View Post
... I think it's actually helpful that places are posting it, provided they're also telling people why it's insanely stupid to use this hack. It might actually discourage some people from trying it.
This kind of reasoning totally escapes, at least for me, any form of logic one subscribes to. "Let's show people, specifically and in detail, how to X, it will certainly discourage people from doing X. ?????????????
writingdevil is offline   3 Reply With Quote
Old Jul 16, 2012, 10:29 AM   #24
PBG4 Dude
macrumors 65816
 
Join Date: Jul 2007
Quote:
Originally Posted by Mad Mac Maniac View Post
You mean like how people have been stealing from the app store for the past 4 years?

It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and its possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.
If the thought of giving someone the credentials to your iTunes account (and all the power that entails) in order to save a buck doesn't deter you from pirating (again, over chump change), then you deserve all the ID theft coming your way.

Honestly, you're using an at least $200 device (iPod touch) in order to steal relatively pennies' worth of goods. Yay.
PBG4 Dude is offline   7 Reply With Quote
Old Jul 16, 2012, 10:29 AM   #25
blucable
macrumors member
 
Join Date: Jul 2012
Quote:
Originally Posted by Mad Mac Maniac View Post
am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.
I think you are the only one. It's good that they post this, I mean, if it was like Windows stuff, the OS costs $350, that is a ridiculous price for something you can only use in one computer, if you use it more than 3 times in one computer you are screwed, you need to buy a new license. At this point I would go and pirate the crap out of that windows.

In apple's case tho, I mean for real? you are going to crack $0.99 apps? it is totally ridiculous, even the Lion upgrade which I bought 2 days ago for $29.99 that is quite an affordable price, and you get a top quality OS or apps. Customers who pay for their stuff are the ones that allow apple to keep developing better applications and OS, come on, they dont get paid, there's poor or no development at all. Isn't that encouraging enough to go pay for the software you get?
blucable is offline   1 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
What's the process for Apple Purchase, verizon upgrade buy back plan cheekyjeremy iPhone 2 Sep 30, 2013 04:34 PM
All Apple Developer Services Back Online after Hack, Apple Offers Free Month Extension MacRumors MacRumors.com News Discussion 81 Aug 12, 2013 02:28 PM
Apple Retail's Emphasis on Profits Continues, Tied to Operational Perspective of Cook and Browett MacRumors MacRumors.com News Discussion 339 Dec 3, 2012 06:29 PM
Apple Now Including Unique Identifiers for In App Purchase Receipts to Combat Hack MacRumors MacRumors.com News Discussion 46 Aug 23, 2012 02:21 PM

Forum Jump

All times are GMT -5. The time now is 12:04 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC