Showing posts with the label iOS

Apple Hacked! Russian Alexei Borodin strikes again!

Alexei Borodin, the same hacker who came up with the recent in-app purchase exploit that allowed free transactions for iOS users, has struck again with a new method that allows users of Mac apps to do the same. The ‘In-Appstore for OS X’ service uses a method that’s very similar to that used on iOS devices to spoof transactions made to Apple’s servers. We won’t rehash the method too much here, as we covered it in-depth with our previous article. The way that users implement it is slightly different on OS X than it is on iOS, but the root method is basically similar. After installing two local certificates, a user points their computer’s DNS settings at Borodin’s server and it pretends to be the Mac App Store, issuing verification of the purchase. It’s not incredibly simple, but it’s not all that hard either. This time there is a companion app called ‘Grim Receiper’ that must be run on the local machine to facilitate the process as well. It effectively bypass...

Alarm for Apple as Russian hacker publishes way to get in-app purchases for FREE

A Russian hacker has discovered an easy way to get in-app purchases on the iPhone and iPad for free. The process is potentially damaging for Apple's iOS developers whose main revenue comes from the paid upgrades. Users just have to download security certificates from the hacker's website and change a setting on their device's Wi-Fi connection. The hacker, who calls himself ZonD80, also posted a video on YouTube announcing his method and explaining how to do it. But the clip had been removed today and instead displayed a message saying it was no longer available 'due to a copyright claim by Apple, Inc.' According to the Huffington Post, the Apple blog 9to5Mac has confirmed that the hack does work on several of its devices, which run systems from iOS 3 to the upcoming iOS 6. For the time being, Apple will have some respite, as ZonD80 says his website will be unavailable for 'two or three days' because his servers are down. The hacker'...