Apple's Fix Failed: In-App Purchases Still Free with This Hack


A few days ago, Russian hacker Alexey Borodin found a way to get free in-app purchases on an iPhone or iPad. In-app purchases include things like items and power-ups for iOS games, as well as subscriptions and "premium" memberships for certain apps.

The method is notable not for its result, but for how surprisingly easy it is to use. There's no need to jailbreak your phone, and the "hack" can be done in a matter of minutes.

The process circumvents Apple's authentication servers by redirecting the requests to Borodin's service, which then sends a receipt back to the device, making the app register that the purchase has been completed. Borodin's service does require a valid receipt from a particular app to get started, but in the past few days he has spent hundreds of dollars "donating" receipts in order to test his process.
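The weakness described above is that the app trusts whatever receipt comes back over a connection the device itself controls, so a redirected DNS lookup is enough to hand it a replayed receipt. The usual mitigation is for the app's own backend to do the verification and to treat the receipt contents as claims to be checked, not as proof. The following is an added illustration of that server-side check, not code from the article, from Apple or from Borodin's service; the bundle ID, product IDs, transaction IDs and the JSON field names (`status`, `receipt`, `bid`, `product_id`, `transaction_id`) are constructed samples modelled on the shape of a receipt-verification response and should be read as assumptions.

```python
import json

# Hypothetical app identifiers (constructed for this example).
EXPECTED_BUNDLE_ID = "com.example.puzzlegame"
KNOWN_PRODUCT_IDS = {
    "com.example.puzzlegame.coins100",
    "com.example.puzzlegame.nohints",
}

# Constructed sample responses in the shape a receipt-verification service
# returns. Field names are an assumption, not copied from the article.
GENUINE = json.dumps({
    "status": 0,
    "receipt": {
        "bid": "com.example.puzzlegame",
        "product_id": "com.example.puzzlegame.coins100",
        "transaction_id": "100000012345678",
    },
})
# The same genuine receipt presented again from another device: the
# "donated receipt" pattern the article describes.
REPLAYED = GENUINE
# A real receipt, but for a different app's product.
WRONG_APP = json.dumps({
    "status": 0,
    "receipt": {
        "bid": "com.other.vendor.app",
        "product_id": "com.other.vendor.app.gold",
        "transaction_id": "100000087654321",
    },
})
# A non-zero status: the verification service did not accept the receipt.
REJECTED = json.dumps({"status": 21002})


def check_receipt(response_text, seen_transaction_ids,
                  expected_bundle_id=EXPECTED_BUNDLE_ID,
                  known_product_ids=KNOWN_PRODUCT_IDS):
    """Decide whether to grant the purchased item. Returns (granted, reason).

    Precondition the caller must guarantee: response_text was obtained by the
    app's backend talking to the verification service directly. A response
    relayed by the device proves nothing, because the device's DNS (and
    trusted certificates) are under the phone owner's control.
    """
    try:
        data = json.loads(response_text)
    except ValueError:
        return False, "malformed response"
    if data.get("status") != 0:
        return False, f"verification failed, status {data.get('status')}"
    receipt = data.get("receipt") or {}
    bundle_id = receipt.get("bid")
    product_id = receipt.get("product_id")
    transaction_id = receipt.get("transaction_id")
    if not (bundle_id and product_id and transaction_id):
        return False, "receipt missing required fields"
    # The receipt must be for this app, for a product this app actually sells,
    # and for a transaction that has not been redeemed before.
    if bundle_id != expected_bundle_id:
        return False, f"receipt belongs to another app ({bundle_id})"
    if product_id not in known_product_ids:
        return False, f"unknown product {product_id}"
    if transaction_id in seen_transaction_ids:
        return False, f"transaction {transaction_id} already redeemed (replay)"
    seen_transaction_ids.add(transaction_id)
    return True, f"granted {product_id}"


def run_demo():
    """Feed the four constructed responses through one shared replay store."""
    seen = set()
    return [check_receipt(r, seen)[0]
            for r in (GENUINE, REPLAYED, WRONG_APP, REJECTED)]


if __name__ == "__main__":
    seen = set()
    for label, r in [("genuine", GENUINE), ("replayed", REPLAYED),
                     ("wrong app", WRONG_APP), ("rejected", REJECTED)]:
        print(label, check_receipt(r, seen))
```

The replay store is an in-memory set here; in a real backend it would be a persistent table of redeemed transaction IDs, since the whole point is that the same receipt arriving from many devices is the signal to look for.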

Apple obviously isn't very happy with this and released a statement to The Loop:

"The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating."

Apple is currently scrambling to do some damage control, but so far their efforts have not resulted in much. They had the YouTube instructional video disabled, had PayPal suspend the account Borodin was taking donations through, and managed to issue a successful takedown request against his original server. Unfortunately for them, Borodin responded equally fast, moving his servers offshore and altering the process so that it no longer uses Apple's own servers.

As of today, Borodin's method is still working and you can see a little more of the back-and-forth between him and Apple on his website, In-Appstore.

Before you rush into this, dancing for joy at all of the free stuff you'll be downloading, consider the implications. I'm of course not talking about the ethical ones, as obviously this is taking money out of developers' and artists' pockets; that's not even up for debate. But consider the fact that you're routing your phone's connection through servers in who knows where, through a process designed to illegally steal content.

The process was recently changed to require the user to sign out of their iTunes account first, so, in Borodin's words, "they don't scream to the Internet that I am stealing their credentials." Still, even if Borodin insists he's not logging devices, that's a lot to take on his word. This is not even considering what Apple can or will do legally if they manage to trace the use of Borodin's process to your phone.

It's a fairly murky grey area right now, so tread carefully if you intend to try it out. In any case, here are the steps to get it to work. Use at your own risk!

Step 1: Sign Out of Your Apple ID

You can do this by going to Settings -> Store, tapping your Apple ID, then hitting "Sign Off".

Step 2: Install the Security Certificates

Install the following profiles onto your device. Important! They must be installed in this order:

  1. http://91.224.160.136/certs/cacert.pem
  2. http://91.224.160.136/certs/itcert.pem

Step 3: Begin a Purchase

Go to the app where you intend to buy in-app items, and start a purchase. Then hit "Cancel" when it asks you to verify that you want to make the purchase.

Step 4: Set Up the DNS Settings

Open the Wi-Fi settings on your iPhone or iPad, then tap the arrow on the right of your Wi-Fi network. Set the DNS field to this IP address:

91.224.160.136


If you're confused, there's a video tutorial available. However, it's already a little outdated, and I have a good feeling it will be pulled soon.

That's It!

It's amazing just how simple this process is. It makes you wonder just how secure Apple's system is, and whether similar vulnerabilities could be exploited to steal entire apps, personal information, or anything like that.

It's certainly going to be a back-and-forth battle between Borodin and Apple as word spreads about the vulnerability. Considering Apple's tremendous resources and talent, I don't doubt at all that the hole will soon be shut; my only question is what the consequences of this whole affair will be.


15 Comments

Personally, I wouldn't risk trying it. Theft is theft, and there could be some serious legal consequences. On the other hand, it's baffling that Apple didn't require a more secure signature on its purchase receipts to begin with.

Interesting. But I never liked In-app purchases; I'd rather just spend the money up-front and get everything in one package.

Yeah, me too. Other than well-sized level expansion packs, I feel that apps that rely on in-app purchases are engineered to try and squeeze as much money as possible out of the user by halting gameplay at the moments where you're having the most fun in order to get you to pay them more to keep playing. It just feels like you're being cheated.

Yeah... I never buy in-app perks because I don't like getting squeezed. If it's a game or app that's impossible to enjoy without buying extra crap, I simply avoid it. I wouldn't risk trying this hack out, but only because I don't want to get hooked on receiving in-app perks, then have to buy them when Apple fixes this.

How do you install the profiles?

Try it!

After it, I can't log in to the App Store or iTunes Store, and it says it cannot connect to iTunes. Please help me!!!!!

Dude, you're screwed... a police car is coming to your home any day now...

I have the exact same problem. Please help us, guys.

Just uninstall the certificates, disconnect from your Wi-Fi network and connect again, connect your account back, and done.

How do you uninstall these certificates?

Hang in there... Go to your Wi-Fi, then go into DNS and delete what you typed in. Then type nothing in, go into a random place in Settings, and go back into Wi-Fi; click on DNS and your number will be back to normal, and everything should work again.

If you have Cydia, it is just easier to install iAPFree, which enables in-app purchases for free without the hassle.

This doesn't work anymore. When I go to an online app, it says "Cannot Log in", and it says on YouTube that this works on offline and online games. Can you give me a link to where I can download Cydia without a computer?

It is not working on my iPad mini on all games, like FTS15, Smash Hit, etc.
Please help me.
