Softpedia
 


July 14th, 2012, 10:54 GMT · By

Apple’s In-App Purchase System Hacked via Man-in-the-Middle Attack


Fraudulent purchases made via man-in-the-middle attack
Russian security researcher Alexey Borodin, also known as ZonD80, has found a way to bypass the in-app purchasing restrictions present in Apple’s App Store, allowing anyone with the proper know-how to upgrade applications for free.

The method presented by the hacker doesn’t require any advanced skills or a jailbroken device, 9to5mac reports. However, it doesn’t appear to work for all apps or for users who reside in certain countries.

So let’s take a look at the more technical details.

Every iOS user knows that some of the pieces of software on Apple’s App Store are free. However, these free (or low-cost) versions are usually incomplete.

Users who want to purchase extensions or extra levels (in the case of games) can do so from within the application – thus the name “in-app purchase.”

To bypass this system, Borodin created a website called in-appstore.com, which is basically used to fool the app into thinking that the customer has actually paid for the purchase.

All it takes is installing two certificates on the device, a CA certificate and one from in-appstore.com, and making some modifications to the DNS records of the Wi-Fi connection.

According to TheNextWeb, over 30,000 in-app purchases have already been made by using the method described by the Russian expert.

Apple is currently investigating the situation.

“The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating,” an Apple representative told The Loop.

A few hours ago, after the Internet started buzzing about the legal implications of such research, Borodin published a blog post to explain that he didn’t steal any money from iTunes accounts.

“I did not hack anything. I just wrote app-store replacement. And it's a big idea to create yet another world of apple for our iDevices,” he said.

“It's a good reason to proof, that something is not perfect. I helped everyone to move forward. Developers - to protect their apps. Apple - to improve their protocols. And, of course, hackers.”

He has also refuted the claims that his website collects the passwords of those who use it.

Note: We do not condone hacking, and we strongly recommend against using the researcher’s method to make in-app purchases.


