According to a report by TNW, Apple is now taking action to block the Russian servers that allowed iOS users to download paid in-app content for free. The method that is called in-app proxy allowed users to download in-app purchases, bypassing the iTunes’ payment procedure even without jailbreaking their iOS devices. Although Apple is taking action to block this act of theft, the service is still working for most users.
Apple is blocking the IP addresses of the Russian hacker’s servers, preventing them from downloading paid content from the App Store for free. Apple has not only blocked the IP addresses of these servers, but has also made Youtube remove the video demonstrating how to use this method. Apple even went one step further and asked Paypal to block this hacker’s account, on which he was taking donations to keep the service functional.
Apple also pressured the host of his site to shut down their service for him, despite all the efforts made by Apple, hacker named Borodin moved his service to a new server to avoid service closure. He claims to have processed more than 30,000 individual in-app payment requests. He is now improving his service, here’s what he tells about the improvements he has made to his system.
Borodin tells us that the new service has been updated and cuts out Apple’s servers, “improving” the protocol to include its own authorization and transaction processes. The new method “can and will not reach the App Store anymore, so the proxy (or caching) feature has been disabled.”
The signing process has also been adapted to ensure that users cannot use Borodin’s service without first signing out of their iTunes account. The reason for this? “They [the users] need to sign out so they don’t scream to the Internet that I am stealing their credentials.”
In simple terms, it should mean that device details are not stored on the server. However, given the very nature of the service and the fact the servers are located in an ‘offshore’ country, we can’t stress enough the real privacy and security implications of using such a service (but also from a moral and legal perspective).
Borodin is currently keeping his service enabled by moving the servers offshore, and using a private Paypal account to take donations. The service is functional at this moment, but the question is for how long he will be able to dodge the attacks by Apple, that is seriously taking measures to solve this issue.
Here’s ‘Reply to Apple’ video, in which the hacker is showing Apple that his method is still functional.
- After Apple’s statement Russian hacker declares game over
- Apple is now using Unique Identifiers to tackle piracy on in-app purchases
- Russian hacker finds a way to bypass Apple’s payment method to download in-app purchases for free [updated]
- OnLive App brings high-end cloud gaming to an iOS device near you
- OnLive Desktop Plus service brings Flash to an iPad near you