Apple tries unsuccessfully to block in-app purchases hack

Apple has tried in vain over the past weekend to take the In-Appstore.com service offline. That service from a Russian hacker allows users to make in-app purchases without paying. Developers can’t do anything.

The hacker has described the in-app hack in such a way that no contact needs to be made with Apple servers, so that a blockade from Apple no longer makes sense. The hack works on all iOS versions from 3.0, so it can be performed on iPhone 4S, iPad 2, and new iPad, among others. Apple has also tried to take the service offline by asking the hoster to take the service’s server offline. That happened, but the hacker moved the service to another server, reports The Next Web.

The hacker, Alexey Borodin, has found a way to trick apps into thinking that an in-app purchase was paid without the payment being made. Even if developers have built in extra security by checking the payment, the hack can still take place. As a result, developers are powerless against the fraudulent hack. By Friday, about 30,000 people had used the service to avoid paying for in-app purchases, the hacker said.

In addition, the service now requires users to sign out of their iTunes account. According to the hacker, this was done so that no one can suspect that the iTunes password is being sent to the hacker’s server. It is unclear which data will be sent. The hack requires the dns settings on the phone to be changed and the user to install two profiles. A jailbreak or installation of certain software is not necessary to perform the hack.