A few days ago, a Russian hacker published a video on YouTube, since noticed by major news sources, that demonstrates a rather frightening flaw within Apple’s in-app purchase system. The hacker was able to circumvent security measures in the system to “bypass” the confirm-purchase dialogue prompt for in-app purchases.
The method, as demonstrated by the developer himself, doesn’t rely on a jailbreak to exploit the system. Instead, users who wish to engage in such a taboo practice must install two certificates and use a custom DNS entry, modified via the Settings app.
Once a device has been configured this way, its user will be able to receive free in-app purchases by simply performing the in-app purchase as normal and then pressing “LIKE” once the new prompt pops up (as pictured to the right).
In addition to engaging in piracy and effectively bypassing the standard in-app purchase process, users who partake in this practice are also at risk of having their own information compromised. Essentially, once the certificates are installed and the DNS entry is edited, personal data is readily accessible to the hacker via the server that “reroutes” the in-app purchases.
Moreover, it’s been reported that the developer already switched hosting due to the suspension of his previous account and server.
While Apple can likely fix this exploit via a new firmware release with an improved security system, developers can also do their part to ensure their apps don’t fall victim to piracy by implementing validation of in-app purchases.
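One way to implement the validation mentioned above, as an added example that is not from the original article: the app hands its receipt to the developer's own server, which asks Apple's legacy verifyReceipt endpoint about it and unlocks content only if the answer checks out. The bundle ID, product ID and sample responses are constructed, and the receipt field names assume the legacy receipt layout.

```python
import json
import urllib.request

# Apple's production endpoint for the legacy verifyReceipt API.
VERIFY_URL = "https://buy.itunes.apple.com/verifyReceipt"

def fetch_verification(receipt_b64, url=VERIFY_URL):
    """POST the base64 receipt to Apple from the developer's server, not the device."""
    body = json.dumps({"receipt-data": receipt_b64}).encode()
    req = urllib.request.Request(url, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def check_response(resp, bundle_id, products, seen_txids):
    """Decide whether a verifyReceipt response justifies unlocking content.

    Returns (ok, reason). seen_txids is a set the caller persists, so one
    receipt cannot be replayed to unlock content repeatedly.
    """
    if resp.get("status") != 0:
        return False, "apple rejected receipt (status %r)" % resp.get("status")
    receipt = resp.get("receipt") or {}
    if receipt.get("bid") != bundle_id:
        return False, "receipt issued for a different app"
    if receipt.get("product_id") not in products:
        return False, "unknown product"
    txid = receipt.get("transaction_id")
    if not txid:
        return False, "missing transaction id"
    if txid in seen_txids:
        return False, "transaction already redeemed"
    seen_txids.add(txid)
    return True, "ok"

# Constructed sample responses (not real receipts), in the legacy receipt layout.
GOOD = {"status": 0, "receipt": {"bid": "com.example.game",
        "product_id": "com.example.game.coins100", "transaction_id": "1000000000000001"}}
FOREIGN = {"status": 0, "receipt": {"bid": "com.other.app",
           "product_id": "com.example.game.coins100", "transaction_id": "1000000000000002"}}
REJECTED = {"status": 21002}

if __name__ == "__main__":
    seen, products = set(), {"com.example.game.coins100"}
    for name, r in [("good", GOOD), ("replay", GOOD), ("foreign", FOREIGN), ("rejected", REJECTED)]:
        print(name, check_response(r, "com.example.game", products, seen))
```

The check runs on the server because the device's DNS and trusted certificates are exactly what the bypass changes, so a verdict reached on the device cannot be relied on.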
Stay tuned for additional coverage on the situation and what measures Apple will inevitably take to close this security flaw.