Apple Moves to Block In-App Purchase Hack

[Maura]

The Next Web writes that Apple is currently working to block the recently revealed App Store hack which enables users to download in-app purchases in certain apps for free. However, The Next Web writes that so far, Apple is not having much success in plugging the hole, which is currently still open. During the weekend, Apple started to block the IP address of the server from which the hacker, Alexey V. Borodin had been authenticating purchases. It then issued a takedown request for the original server, also taking down third-party authentication, and even issued a copyright claim on the video posted by Borodin to YouTube that showed how the hack could be executed. PayPay has also tried to help Apple out by blocking the original donation account because it violated PayPal’s terms of service. But despite all that, The Next Web says that Borodin is working hard to circumvent the obstacles that have been placed in his way, by, among other tricks, setting up a new server, which is offshore. He has told The Next Web that his new server has an improved authorization and transaction protocol. The Next Web says that Borodin is “unrepentant” and has told Apple to adapt its APIs or put new blocks on the service. He also says that Apple have not contacted him directly on the issue.

Source: Apple Takes Down Servers, Videos to Block In-App Purchasing Flaw

[Ads]

[yhyyhy]

It appears that Apple has now started taking moves to block the in-app purchase hack

[thewitt]

They will plug the hole. Blocking his server IP is a quick fix, not a real fix. They know that.