This article was published on July 23, 2012

Russian hacker defeated by Apple’s iOS 6 in-app purchase protections, increases focus on the Mac


Russian hacker defeated by Apple’s iOS 6 in-app purchase protections, increases focus on the Mac

Moving swiftly to shut down hosting servers, banning IP addresses and adding new protections to its iOS 6 firmware, Apple appears to have succeeded in putting an end to the in-app purchasing flaw by Russian hacker Alexey Borodin.

Posting to his In-Appstore blog, Borodin says that after examination of Apple’s new in-app purchase protections — which includes the sharing of private APIs — there is “no way to bypass updated APIs,” admitting that “the game is over.”

Despite giving Apple the run-around over the past two weeks, Borodin shifts focus on the iOS device maker, stating that as a result of his actions, there is “updated security in iOS [and] developers have their air-money.”

Last week, Apple shared a procedure that is not included in its current framework for developers, suggesting it is giving developers the chance to utilise parts of APIs that they would not normally have access to in order to implement a fix immediately, before rolling it out iOS 6.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol' founder Boris, and some questionable AI art. It's free, every week, in your inbox. Sign up now!

This means that until iOS device owners begin to update iOS 6 or developers implement the new in-app purchasing checks and validate receipts, users may be able to use the In-Appstore service to download in-app content for free.

Borodin notes that his mobile service will remain operational until iOS 6 is release, but also says that he has more in store with his OS X-focused platform:

The another thing is for In-Appstore for OS X. We still waiting for apple’s reaction and we have some cards in the hand. It’s good that OS X is open.

As we noted, Borodin’s OS X technique is similar to the iOS in-app purchasing flaw and works by bypassing the simple receipt system that Apple has in place for developers. Last week, it had reached 8,460,017 free purchase transactions, according to stats provided by the hacker.

With Mountain Lion rumoured to be days away from release, Apple may have already included similar checks in its operating system to mitigate the issue. Borodin appears to be waiting to see if the company has included protections in its OS X software before making an announcement.

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with