There isn’t a system designed that can’t be hacked. The latest digital outlet to be cracked open and scooped out is Apple’s In App Purchases (IAP) system. An enterprising Russian programmer has apparently devised a way to “spoof” the microtransactions.
The method isn’t particularly simple: it requires the installation of faked certificates on your iDevice and some DNS trickery. Even so, it’s proving very popular among dishonest AppStore customers since it went out to the wider public on Friday. The server that handles the DNS is apparently failing due to the demand placed on it.
The man behind the hack told MacWorld that he made it because he was tired of having to pay for things in games. CSR Racing, a free-to-download game that utilises IAP to generate revenue, annoyed him by “taking money from [him] every single breath.” So he decided it was okay to steal from it. His method exploits the fact that IAP receipts contain no specific user data, which makes them easier to spoof, and he’s happy enough for it to be used by anyone else who decides they shouldn’t really have to pay for the things they want too.
I’m not a fan of IAP by any stretch of the imagination. I’d love it if developers and Apple worked to find a new way of monetizing AppStore content that was more transparent and up front. But the notion that we should be able to steal content if we don’t want to pay for it isn’t one I’m comfortable with either. Hopefully this exploit gets plugged quickly, before developers lose too much income or it puts off potential developers from the platform.
Dr_mohannad
Sweet, now I can get that gun I always wanted but couldn’t afford
Calm down, obviously I’m joking, it was bound to happen though.