A Russian hacker has discovered a method to make in-app purchases without paying. The method is dangerous because device-specific information and other personal details can easily end up in the hacker's hands, so you run the risk that your data will be abused. Technically, it seems to work as follows: the method uses a proxy, with two fake security certificates installed. The DNS settings of your iPhone are also changed, allowing the transaction to be intercepted before it reaches iTunes. The intercepted data is also accessible to the hacker and can get into the wrong hands. We strongly advise against experimenting with this hack, especially since stealing from developers is unethical and illegal.
Nothing is really ‘free’, as this hack shows. In exchange for a free app, your iPhone and iTunes data end up in the wrong hands and someone can make purchases at your expense. Ethical hackers such as the iPhone Dev Team and Chronic Dev Team advise against stealing apps because it harms everyone, not just the developers whom you begrudge small amounts of $0.99 or $1.99. It also harms users, because developers are less inclined to put much time and effort into your favorite app when the majority of users no longer pay for the app or its in-app purchases. With a hack aimed solely at harming developers, you may wonder how ‘ethical’ such a hacker is and how carefully he will handle your data. According to 9to5Mac, the following data is sent to the hacker's servers: potential app restrictions (age verification, etc.), app ID, version ID, GUID (unique identifier) of your iDevice, in-app purchase amount, name of the in-app purchase item, language, app identification, app version and region selection.
What is special about the new hack is that it works without a jailbreak and that it relies on a man-in-the-middle attack. The hacker worked out how to hack the in-app purchase process through reverse engineering. When making a purchase you do not get the usual message as shown above, but a message that you should like-appstore.com. This is the website of hacker ZonD80, who asks for donations for his efforts. The hack seems to work on iOS 3.0 up to the new iOS 6 beta. The jailbreak scene already had a way to crack in-app purchases; it does not work through remote servers, but takes advantage of the absence of the verification checks offered by Apple. This Russian hack seems more advanced but, as said, at a possible price.
When Store Kit returns a completed purchase to your payment queue observer, the transaction’s receipt property contains a signed receipt that records all the critical information for the transaction. Your server can post this receipt to the App Store to verify that the receipt is valid and has not been tampered with. Queries transmitted directly to the App Store are sent and received as JSON dictionaries, as defined in RFC 4627. Apple will need to take urgent measures to prevent the hack from damaging the ecosystem and to keep naive users from underestimating the privacy risks.
It is also important to know that the hack does not work with all apps that offer in-app purchases. Developers who use Apple’s recommended method to validate in-app purchase payments do not seem to be affected by it. Developers who use their own (more secure) method for making purchases are also better protected against the hack.
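The server-side receipt check described above, sketched as an added example (not code from Apple or from the original article): the app uploads the receipt and the developer's own server, whose DNS settings and certificate store the device-side proxy cannot alter, asks the App Store to confirm it before unlocking anything. The endpoint and the field names `receipt-data`, `status`, `bid`, `product_id` and `transaction_id` come from Apple's legacy verifyReceipt interface rather than from the article; the function names, bundle ID, product ID and App Store answers are constructed for illustration.

```python
import base64
import json
import urllib.request

# Apple's production receipt-verification endpoint (legacy verifyReceipt API).
VERIFY_URL = "https://buy.itunes.apple.com/verifyReceipt"

def post_to_app_store(body: bytes) -> dict:
    """POST the JSON body to the App Store from the server, never from the device."""
    req = urllib.request.Request(
        VERIFY_URL, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode("utf-8"))

def validate_purchase(receipt: bytes, bundle_id: str, product_id: str,
                      seen_transactions: set, post=post_to_app_store):
    """Return (granted, reason) for a receipt uploaded by the app."""
    body = json.dumps(
        {"receipt-data": base64.b64encode(receipt).decode("ascii")}).encode("utf-8")
    try:
        answer = post(body)
    except (OSError, ValueError) as exc:
        return False, "verification unavailable: %s" % exc  # fail closed
    if not isinstance(answer, dict) or answer.get("status") != 0:
        return False, "App Store rejected receipt"
    info = answer.get("receipt") or {}
    # A valid receipt for a different app or item must not unlock this one.
    if info.get("bid") != bundle_id or info.get("product_id") != product_id:
        return False, "receipt is for another app or product"
    tx = info.get("transaction_id")
    if not tx or tx in seen_transactions:
        return False, "missing or replayed transaction"
    seen_transactions.add(tx)
    return True, "ok"

# Constructed App Store answers, used to exercise the checks offline.
def fake_valid(_body):
    return {"status": 0, "receipt": {"bid": "com.example.game",
            "product_id": "com.example.game.coins100",
            "transaction_id": "1000000000000001"}}

def fake_invalid(_body):
    return {"status": 21002}  # any non-zero status means the receipt is not valid

if __name__ == "__main__":
    seen = set()
    for post in (fake_valid, fake_valid, fake_invalid):
        print(validate_purchase(b"constructed-receipt", "com.example.game",
                                "com.example.game.coins100", seen, post))
```

The second call in the demo is refused as a replay, which is what stops one genuine receipt from being reused to unlock the same item many times.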