Apple Fighting Against In App Purchase Hack
Recently, we reported that a Russian hacker had invented a new method that would allow App Store users to bypass Apple’s In App Purchase mechanism and receive additional content free of charge.
At that time, it was noted that use of the method involved theft of content from developers and exposed iOS device users to dangers as their account and device information, including their unique device ID was being routed to servers under the control of the Russian hacker running that service. Reporting on that issue to bring it to light was a responsible thing to do in order to alert developers to the issue and perhaps spur Apple into action.
The Next Web now follows up with a report outlining some of the steps Apple has been taking to combat the issue. These steps include issuing a copyright claim to have the original video showing the hack in action pulled from YouTube.
Over the weekend, Apple began blocking the IP address of the server used by Russian hacker Alexey V. Borodin to authenticate purchases.
It followed this up with a takedown request on the original server, taking down third-party authentication with it, also issuing a copyright claim on the overview video Borodin used to document the circumvention method. PayPal also got involved, placing a block on the original donation account for violating its terms of service.
The hacker, Alexey Borodin, is still committed to the service. He has been working to skirt around the roadblocks created by Apple that are getting in his way. Now he has moved the service to a server in another country.
However, it is clear that Apple is working on the issue and addressing it through multiple routes in order to improve the security of In App Purchase content. However, at the time of this news report being written, the service is still operational.
Source: Mac Rumors