Apple has already fired back at the latest hack concerning its App Store in-app purchase. While the company couldn’t patch the hack yet, one of the possible ways to solve the issue is Apple including a UDID (Unique Device Identifier) receipt in validation receipts.
Russian hacker Alexey V. Borodin broke the news last week when a way to obtain in-app purchase content for zero cents was made public. As Borodin said, his discovery was based on a bug which allows users to route their purchase request through a server owned by him. As the commentators of the Russian website first reporting the hack note, the zero-cost in-app purchase hack doesn’t work with all applications. Apparently the hack is possible due to developers’ laziness in implementing the final step on the in-app purchase which is the verifying Store receipts phase—a commenter informed The Next Web.
Meanwhile, some reports talk about 30,000 in-app purchase processes already carried out with the help of Borodin’t hack, causing serious damage to developers.As we already reported, this doesn’t require jailbreak, and it works on almost all versions of iOS from 3.0 to even iOS 6 beta. In order to bypass the payment during an in-app purchase, you need to follow three easy steps.
First, you need two certificates installed on your iPhone, which you can download from here and here. Secondly, you need to connect to a Wi-Fi network and change the DNS with “22.214.171.124” and you are ready to start making your purchase. The third step will be totally obvious: when you choose to purchase the item within the application, instead of the standard window containing the information about your purchase, the “Like in-appstore.com” window will appear. Hit like and you’ll have the chosen item on your iPhone for free.
Apple has already filed a complaint with the hosting company, so the server was out for a while and migrated to blogspot.com, but by the time of writing this article, Borodin had already moved to another server and the in-app purchase hack now works once again. [Via MacRumors]Contact Us for News Tips, Corrections and Feedback