14 DAY TRIAL // Bugs in iPad applications used by numerous newspapers and magazines to deliver digital content to their paying subscribers, can be exploited to access it for free.
The problems were discovered by a group of Italian hackers called DarkApples and were originally reported [Google translation] in the Italian newspaper Il Post (The Post).
Adobe's Digital Content Viewer technology, which is used by many publications, including Wired, The New Yorker, iGIZMO, Corriere della Sera or Gazzetta dello Sport, seems to be the most vulnerable one.
According to the hackers, it's only necessary to edit a settings file (.plist) and change an option from "no" to "yes" in order to turn a publication from purchasable to viewable.
Such a modification will cause a "Download" button to appear for a subscription instead of a "Buy" one and will result in users having free access to the content.
This extremely simple exploitation method suggests that Adobe's technology was designed with little regard for security.
In order to edit the .plist file, users need to connect the iPad to a computer and use freely available tools like iPhone Explorer to browse the contents of the device.
Also, while for publications offering long-term subscriptions this is a one-time hack, for others the process might need repeating when new issues are released.
"We have confirmed that it is possible for experienced users with detailed instructions to access some digital publications on the iPad that have not been purchased.
"We are working on a fix and expect to deliver a new version of our Digital Content Viewer to publishers on Friday, October 8," Adobe said in a statement.
However, according to the Huffington Post, the hack was still working on Monday. Granted, this might not be Adobe's fault, as the company only provides the technology.
It's the publishers' job to update their individual apps and get them out to existent subscribers through whatever mechanisms they have in place for that.
Il Post reports that Adobe's Digital Content Viewer is not the only technology vulnerable to such attacks. Others have similar bugs, but exploitation requires advanced tools and more technical knowledge.