Russian hacker admits defeat in IAP breach

Jul 23, 2012

Alexey V. Borodin, the Russian hacker who made headlines with a tool which lets anyone steal extra content in apps, no jailbreak required, is admitting defeat following Apple’s announcement that the in-app purchasing (IAP) exploit will be fixed in the shipping version of iOS 6 this fall.

In an unprecedented move, Apple gave developers access to a pair of private APIs in iOS, a temporary solution that effectively bypasses the hack. Borodin just publicly acknowledged that currently there is no way to circumvent Apple’s band-aid fix in apps updated to take advantage of the private APIs…

In a blog post over at his In-AppStore.com website titled “It’s all over… for now”, Borodin writes under his hacker nickname ZonD80 that Apple successfully fixed the security issue with the private APIs.

By examining last Apple’s statement about in-app purchases in iOS 6, I can say, that currently game is over. Currently we have no way to bypass updated APIs. It’s a good news for everyone, we have updated security in iOS, developers have their air-money. But, service will still remain operational until iOS 6 comes out.

The method used to crack IAP in iOS has also been successfully employed against paid content in OS X apps distributed via the Mac App Store. Noting that he is still waiting for Apple’s reaction, Borodin teased that he and his team have “some cards in the hand”, adding that “it’s good that OS X is open”.

A short follow-up post published less than an hour ago invites people to try “buying” some paid content in apps, hinting that they “made a little improvement to protocol”.

We at iDB do not condone this hack nor any other method that lets dishonest individuals steal paid content and deny developers their hard-earned revenue.

Do you think Borodin will find a way to circumvent Apple’s fix for fake in-app purchases?

  • http://www.facebook.com/profile.php?id=1849765376 Jordan Rushing

    If there’s a will, there’s a way.

  • Manuel Molina

    I feel like this thing is going to force some business away from Apple. Some devs might want to turn ships if they see that it’s easy to break iOS. Regardless if this is the first time such a thing has happened, it still makes me wonder if someone will say “well if iOS is going to have crap broken, I might as well go to Android” even though it’s easy to find an APK for most apps for Android.

    • http://twitter.com/greghesp Greg Hesp

      See Google search latest Jellybean update to counter this

    • http://www.facebook.com/profile.php?id=530352812 Jayar Gibson

      See the articles coming out today that show Apps in Androidville are being made free due to piracy.

  • http://twitter.com/_Bedal_ Byron

    Hopefully this will take their minds off trying to stop jailbreaks since this doesn’t require a jailbreak

  • seyss

    “steal extra content in apps” gotta love the drama when talking about copying stuff

  • http://www.facebook.com/profile.php?id=1595420643 Simche Apple Konstantinovic

    Hmm how strange, This even got to my local newspaper in Sweden… It’s like that time, when there were 100k+ macs infected by “virus” :O though, when it comes to Android and Windows with similar “infections”, people are like: “nothing new” haha ;p

  • http://www.facebook.com/alexander.gardner.73 Alexander Sir-Cheezitz Gardner

    damn. i was really enjoying apple get screwed over.

  • http://twitter.com/iPadFreaK901 iPadFreaK90

    don’t worry
    Borodin keep your head high!….u are helping apple anyway..by exploiting which results in better security over software.