A hacker known as ZonD8o has reportedly come up with a method that enables you to make in-app purchases on iOS devices for free. The hack could be especially problematic for developers because it is so easy to pull off that even novices with no experience of hacking devices could do it. The device doesn’t even need a jailbreak to use the hack. The hack just needs you to download some security certificates from the hacker’s website, change some settings on the device’s Wi-Fi connection, and that’s it. The people at Apple blog 9to5Mac have tested it out and confirm that the hack works on several devices, from iOS 3 to the yet-unreleased iOS 6.
The YouTube video posted by ZonD8o could be found here, but has since been taken down by Apple, citing a copyright claim.
Hacked some more!
The method does not seem to work for in-app purchases in all apps. Apple provides a receipt verification service, which, if enabled, would render the hack by ZonD8o ineffective. According to the report by 9to5Mac, ZonD8o runs a website called In-AppStore where donations are being accepted to support the development of the hack and to help keep the servers running.
Many apps on the iTunes App Store depend on in-app purchases as their primary source of income, with the main app themselves sometimes being free.
TheNextWeb spoke with Alexey V. Borodin, a.k.a. ZonD8o, developer of the hack, about the hack and how it works. Borodin was willing to share his findings with Apple, and says that he is no longer in charge of the In-Appstore site, and will be deleting any information that he has about the site from his computer.
TNW states that the site is now in the hands of an unnamed third party, as Borodin says he does “not want to be in jail =).”
Apple responded to The Loop about the situation with this statement, “The security of the App Store is incredibly important to us and the developer community,” Apple representative Natalie Harrison, told The Loop. “We take reports of fraudulent activity very seriously and we are investigating.”
Apple has been having problems with cyber-security recently. A Java-based malware was found attacking older versions of OS X, and before that, the company had to remove what was believed to be the first malicious app in the iOS App Store, according to a report by MacRumors.
Apple also recently removed the claim from its website that their devices were immune from viruses, according to a report by TUAW.