Russian Crook Makes It Easy For Anyone To Get Free IAPs

Do you hate in-app purchases? Are you an unscrupulous thief? If you answered "yes" to both questions, then we've got some good news: Alexey Borodin, a Russian hacker, has exploited a flaw in Apple's certification setup to reroute IAP traffic and trick the system into thinking you've actually paid for all those gold coins and Smurfberries. And you don't even need to jailbreak your iDevice! Instead, you'll simply need to make your way to the Borodin-created In-Appstore.com and follow a few simple instructions. According to The Next Web,

[a]s of earlier today, some 30,000+ in-app purchases have been made through Borodin's service, which he says gathers no personal information from its users, though those using the hack do transmit their Apple ID and password to the service when using it. That alone should deter any potential users.

Clearly, however, it hasn't. And while Borodin tries to pass himself off as a hacker of the upstanding, good-for-the-industry type, his criminal behavior has colored his white hat a decidedly darker hue. True, he no longer runs In-Appstore.com, but only because he does "not want to be in jail =)." Smiley face or not, once Apple fixes the hack, that's probably where Borodin will end up anyway. For more information on how Borodin's hack works, visit the Via below. To learn what Apple and its developers can do to head off the threat, check out Marco Tabini's excellent piece in Macworld. Source: i-EKB Via: The Next Web Image: Business Insider

Related articles