to access exclusive content, comment on articles, win prizes and post on our forums. Not a member yet? Join now!

iOS hack 'allows free in-app purchases' - Report

Apple "investigating" alleged exploit

A hack that allows iOS users to trick the App Store into giving away in-app purchases for free has gone public, according to a report.


The exploit, which according to Mac World was posted last Wednesday, is said to have proven so popular that the server allowing it is currently down due to overwhelming demand.

The hack is reportedly the work of Russian Alexey V. Borodin and involves several steps including installing bogus certificates on your device, and using a specially-created DNS server.

These methods, claims Borodin, fool apps into believing that they're communicating with the App Store, delivering users free in-app purchases and robbing app makers of revenue in the process.

The hacker told Mac World: "I set this up due to hungry and lazy developers ... I was very angry to see that [iOS app] CSR Racing developer taking money from me every single breath."

Borodin said he's comfortable with other users getting in-app purchases for free if they feel the same about the apps they use.

According to iOS developer Marco Tabini, the exploit will require Apple to release an entirely new iOS update to fix.

An Apple spokesperson said it's investigating the issue and assured: "The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously."