Russian Hacker Bypasses Apple’s Security For Free In-App Purchases


Recently noticed by major news sources, a few days ago, a Russian hacker publicized a video on YouTube that demonstrates a rather frightening flaw within Apple’s in-app purchase system. The hacker was able to successfully circumvent security measures in the system to “bypass” the confirm purchase dialogue prompt for in-app purchases.

The method, as demonstrated by the developer himself, doesn’t rely on a Jailbreak to exploit the system. Instead, user’s who wish to engage in such a taboo practice must install two certificates and use a custom DNS entry – modified via the Settings app.

Upon successfully configuring a device, the user of said device will be able to receive free in-app purchases by simply preforming the in-app purchase as normal and then pressing “LIKE” once the new prompt pops up (as pictured to the right).

In addition to engaging in piracy and effectively bypassing the standard in-app purchases process, users who partake in this practice are also at risk of having their own information compromised. Essentially, personal data is readily available and accessible to the hacker via the server that “reroutes” the in-app purchases if the certificates are installed and the DNS entry is edited.

Moreover, it’s been reported that the developer already switched hosting due to the suspension of his previous account and server.

While Apple can likely fix this exploit via a new firmware release with an improved security system, developers can also do their part to ensure their apps don’t fall victim to piracy by implementing validation of in-app purchases.

Stay tuned for additional coverage on the situation and what measures Apple will inevitably take to outdate this security flaw.

Owner and webmaster of Jailbreak Tech Info. Tanner is also a professional Jailbreak tutorial writer, the main reporter for Jailbreak Tech Info and owner of the YouTube channel iCrackUriDevice. Feel free to shoot him an email at Tanner@BestTechInfo.com with any questions or comments.

  • Nilsenfrederick

    What is the source?

  • jaredbarnes4

    tutorial?????

  • Amir_1_love

    Guys…jailbreaking doesn’t harm the device!
    And if you felt it does just restore it! Omg don’t be so fool.
    Jailbreaking allows you to take more control of your device
    If you want to..if you don’t wana jailbreak then don’t say it’s a risk..
    In my openion..if Apple Inc. make the jailbreak legal..their sales would go higher like hell!
    Because people like to free their devices and just make it the way that makes them feel happy….!

    • http://www.facebook.com/people/Mike-Collet/100000496697718 Mike Collet

      100% right. 

  • Billybobjoe

    haven’t you ever herd of iap cracker????? wow noobs…. its been out for years.

    • Kronix

      Doesn’t work for ALL apps…. noob

      • Peperocks

        neither does this hack

    • KroniX

      Another thing, look at the title ”
      Russian Hacker Bypasses Apple’s Security For Free In-App Purchases” 
      That means that Apple had security for some apps so you can’t get them for free, and he as able to do it

  • Jordster97

    there is a tweak on cydia called IAP Cracker which does this already and if people rant going to risk jail breaking their iPhone / iPod are they really going to risk this

    • Kronix

      Doesn’t work for ALL apps, take MetalStorm Wingman for example or Real Racing 2

      • Edwinjr8

        kronix do u know to hack the ipod to get the free apps
        cause i want to know

  • http://twitter.com/AppleFlavorTV AppleFlavorTV

    What do you need to do to make it work?

  • Kevin-master-1997

    i wonder if this is safe…

    • http://www.facebook.com/people/Mike-Collet/100000496697718 Mike Collet

      it is.

  • http://unlockboot.com/ UnlockBoot

    Update #1: New Working DNS!

  • polaaankus

    awsomeeeeeeeeeeeeeeeeee