Apple Failed to Cope with a Hacker
Added: Thursday, July 19th, 2012
While Apple keeps claiming that its software is absolutely safe, it is fighting a losing battle with a Russian guy who managed to hack its system. Alexey Borodin hit the headlines after he published a video on YouTube showing users how to avoid paying for in-app purchases without gaining root access to the system.
The method is quite simple: all you need to do is install security certificates and change the DNS settings. The Russian revealed that over 30,000 unauthorized in-app purchases have taken place since he told everyone about the hack. Apple's business model seems to offer users free software but insists they pay out for new features.
Thus far, the software giant has done nothing to fix the loophole. Instead, Apple's efforts have concentrated on trying to block the instructional video. Of course, this was fruitless because Borodin's followers just replaced the video. The hack works by placing the Russian's server in between the device and Apple, so the company blocked the IP address of the server used by the hacker to implement the attack, and convinced the Russian host to shut down his service. In addition, Apple worked with PayPal in order to prevent Borodin from receiving donations.
In response, Alexey moved the server to a new location and switched to the anonymous Bitcoin service to receive donations. In addition, he tightened up the exploit in order to avoid interacting with the App Store, which made it even harder for the company to shut it down.
Alexey's problem now is that the exploit has become so popular that he cannot afford the bandwidth needed to keep it running much longer.
The battle became more intense when it turned out that Apple was rubbish at releasing updates to the software fast enough. Even Microsoft is expected to release a patch for this sort of thing within days, while Apple is still twiddling its thumbs. Experts pointed out that Apple recently released iOS 6 beta 3 to developers, but didn't include a patch for Borodin's exploit in it.
Meanwhile, the hacker claims that he doesn't collect any data and that users don't have to enter their Apple ID and password to use the exploit. The exploit doesn't work with all apps, and developers are able to get around it by releasing new versions of their applications which use their own web servers, rather than Apple's, to validate receipts. Developers don't like this solution because it increases costs.
|posted by (2012-07-19 18:59:30)|
|More and more I notice that NOTHING is 100% secure...|
|I say good on him, at least he is showing just what Apple has been doing to its users by milking them dry, constraining them to their store for apps or forcing them to jailbreak their phones, iPads and tablets so that they can put on their own music or films without exorbitant charges from Apple.|
|posted by (2012-07-20 00:54:38)|
|How much longer till Apple folds, their computers are only good for graphic designers and noobs, the iPhone is cool but in a few more months the newest gadget will be out and their software and security designers seem to be using Commodore 64's...|
|Nice update Sam........ Ty|
|posted by (2012-07-20 20:03:36)|
|Interesting, the server will let me fool my iPhone into thinking I paid for that $1 app?
And if his server goes down? All the unauthorized in-app purchases crash??
All because I didn't want to root my iPhone?
Did he explain where to get these editable security certificates?
Perhaps he should clone the server and share it (with the certificates)
Plus people are still paying him, might as well buy the app
|Good article. Thank you, Sam!|