Apple Still Trying To Kill Free In-App Exploit

Apple obviously isn't pleased about the exploit that lets people get in-app purchases for free in iOS. The company is doing its best to shut down Russian hacker Alexy Borodin's scheme, but right now it's just chasing shadows.

Apple has so far issued a takedown request of the original server, pulled the YouTube instruction video, and removed the PayPal donation account Borodin set up. But Borodin has moved his servers offshore and improved the hack to not use Apple's servers, as you can see in the flow chart above.

Here's what Apple told The Loop:

"The security of the App Store is incredibly important to us and the developer community," Apple representative Natalie Harrison said. "We take reports of fraudulent activity very seriously and we are investigating."

You can follow the ongoing back and forth at the Borodin's site, In-Appstore. He raised a little money to keep hosting running for a month, and he seems committed to keeping the whack-a-hack with Apple going as long as he can sustain it. [In-Appstore via TNW via MacRumors, The Loop]


Comments

    So why don't they just arrest this guy?

    Isn't what he is doing still classed as stealing?

      So America will fly over to Russia and arrest one of there citizens? I can see that going well.

        I would pay for that documentary

    No its not stealing, stealing is taking an original item away from someone leaving them without it.. this is a copyright infringement issue. Not theft.

      Actually, theft is when you take something you don't have the right to take. That the legal owner is without the original is just a byproduct of the physcial nature of products, historically. Modern digital theft, where you take a copy without permission, is still theft.

      In this case however, he's not so much stealing a providing a tool with which people may steal. It's like people who write emulators for games consoles. The emulators themselves are fine, it's the use of roms that is the issue, legally.

        "Actually, theft is when you take something you don’t have the right to take."
        No-one has taken anything. Taking something requires removing something from it's proper place to somewhere else. So no, it is not theft.

          So, you're telling me if you walked into a store and opened a DVD box, for example - any game, copied it, and walked out of the shop with the copied game on your computer; that it isn't stealing?

          This whole, "I just copied something, and it's not stealing" crap doesn't wash with me.

          If someone gained access to your phone/computer and sent themselves 'private' pictures of you and your partner from your device to theirs to later spam on the internet or copied your bank details for later personal use; Yet left the original files intact - and did this without your permission.... that's not stealing? Whether or not they used those bank details, would you be happy that someone else or even 10 thousand other people had them?

          Taking something without permission of / payment too the original owner or re-seller is stealing. Period. I don't care what the official definition is.

          They're not paying for a copy, so it is theft, stop deluding yourself or justifying your criminal mind. Read the copyright licensing agreement when you download anything. You don't own the item, you just a rights to use it, and distributing it is an infringement and classified as theft. A crook is a crook is a crook. What the hell are you?

    As an iPhone owner, I would still say lay all the blame with Apple, if they weren't so close minded regarding in app purchases, they might have avoided this.. this is not likely to damage their brand, but it does make their security look as week as open source sometimes.

      And here I was thinking the co founder of Windows would own a Lumia or something

      Why is Apple to blame ? The guy is cheating the system. It would be no different then someone printing there own money ... Would you blame the mint if someone did that ??? No.

        Android has a malware problem, apple owners laugh and blame it on google not putting a plug on the malware problem, apple has a appstore hacked and allow users to download stuff for free, apple users complain about users trying to profit by finding a flaw in apples ways..

        In this day and age security is there to make it harder for hackers not impossible, so the only way to keep hackers out is to make it ever and ever harder so yes apple needs to fix something. I am pretty sure the mint puts tonnes of money into making their money extreeeemly hard to counterfeit!

          Malware problem or not, I've yet to see it. Hacker's gonna hack, this is just like the PS3 nonsense of a few months ago, only difference here is that Apple never really invited Linux onto their shinies only to take it away. They always had their priorities set, love it or lump it, for their developer guidelines.

        If they did it successfully then they would need to make the bills harder to forge. Security is there problem

      No, the blame is lay with the developers. They've been told by Apple to code sign their Apps. Any signed App won't work under these circumstances. Apple provide the means for developers to secure their Apps, but if they don't, who's fault is it? Give me a break.

    There is another side to this. If you are changing your DNS server on your iDevice, your exposing yourself to a huge security risk. It wouldn't be too hard to proxy requests to your email or log into your actual iTunes account, which presumably has a credit card associated with it?

      By stealing content via this guys site, you are in fact giving him your Apple ID and password (giving him access to your account but not your credit card details in full), on top of exposing your device by changing your DNS . Any idiot who falls for this deserves any nasty consequences that come from it. I would call it Karma.

Join the discussion!

Trending Stories Right Now