Hacker breaks into Mac in-app purchases

According to the latest reports, Alexey Borodin has managed to break into in-app purchases on the Mac. Borodin is the same person who recently hacked Apple's In-App Purchase program for all devices running iOS 3.0 or later. Reports claim that the hack lets users obtain in-app content on the Mac for free, as they could with the previous hack. The ‘In-Appstore for OS X’ service used in this latest hack is quite similar to its iOS counterpart. Borodin has explained the steps required to gain access to in-app purchases on a page he hosts.





According to the instructions, the entire process consists of just four steps.


  • “Installation of CA certificate
  • Installation of in-appstore.com certificate
  • Changing DNS record in Wi-Fi settings
  • Running application with support of Grim Receiper (to save your original AppStore receipts)”


As with the previous iOS hack, which required downloading some security certificates from the hacker’s website, this method requires the user to download two certificates from the web page. Once that’s done, the certificates can be installed simply by double-clicking on them, one after another. There’s also a tool called the Grim Receiper that’s available for download and helps keep the original receipts intact while using the app store. The last step, of course, is to change some settings on your network adapter.


The issue first came to light when hacker Alexey V. Borodin devised a method that made it possible to make in-app purchases on iOS devices for free. As mentioned above, the hack required users to download some security certificates from the hacker’s website and change some settings on the device’s Wi-Fi connection. As per the previous report, ZonD8o runs a website called In-AppStore, where donations are being accepted to support the development of the hack and to help keep the servers running.


TheNextWeb spoke with Alexey V. Borodin, a.k.a. ZonD8o, the developer of the hack, about how it works. Borodin was willing to share his findings with Apple and says that he is no longer in charge of the In-Appstore site, and will be deleting any information that he has about the site from his computer.


TNW states that the site is now in the hands of an unnamed third party, as Borodin says he does “not want to be in jail =).”


Apple responded to The Loop about the situation with this statement: “The security of the App Store is incredibly important to us and the developer community,” Apple representative Natalie Harrison told The Loop. “We take reports of fraudulent activity very seriously and we are investigating.”

Published Date: Jul 23, 2012 06:21 pm | Updated Date: Jul 23, 2012 06:21 pm