Hacker exposes iOS in-app purchase flaw, circumvents the system with own server
The hack works on all iOS devices running versions from iOS 3.0 to iOS 6.0. While some will be tempted to say that the developer broke Apple's system, the truth is that he simply wrote an alternative store; he defends his work by saying that it will only help developers and Apple tighten up their security.
Simply put, to bypass Apple's servers, the developer, Borodin, built his own server. In-app purchase requests are redirected to that server, which in turn delivers a purchase receipt to the device without charging the user any real money. To make this possible, Borodin studied hundreds of receipts and spent a few hundred dollars of his own before the system worked.
Going deeper into the technicalities, the method requires the user to install a CA certificate and a configuration profile, so that the device will accept the fake server's certificate on the connection it believes it is making to iTunes, and to point the device's DNS at a server set up to intercept and redirect Apple's in-app purchase requests. Both steps matter: redirecting DNS alone would leave the device talking to a server whose certificate it does not trust, and the connection would fail. With both in place, the user simply presses the purchase button and the transaction goes through Borodin's server.
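The following is an added, offline model of the mechanism just described; it is not Borodin's code, not Apple's receipt format and not Apple's API. It shows why the attack needs both the DNS redirect and the trusted CA, why an app that verifies receipts from the device is fooled, and what a developer-side check looks like: verify the receipt over the developer's own network path, then confirm the bundle ID, product ID and that the transaction has not been seen before. The IP addresses, keys, the HMAC standing in for Apple's receipt signature, the non-zero status code, the bundle and product identifiers and the receipt layout are all assumptions made for the model; only the hostname buy.itunes.apple.com is Apple's.

```python
"""Offline model of the iOS in-app purchase bypass and a server-side check.
Constructed example: IPs, keys, status code, receipt layout and identifiers
are assumptions; the HMAC tag stands in for Apple's real receipt signature."""

import hashlib
import hmac
import json
from dataclasses import dataclass, field

APPLE_HOST = "buy.itunes.apple.com"       # Apple's receipt-verification host
APPLE_IP = "198.51.100.20"                # constructed (documentation range)
ATTACKER_IP = "203.0.113.10"              # constructed (documentation range)
APPLE_KEY = b"apple-signing-key"          # stand-in for Apple's signing key
ATTACKER_KEY = b"anything-but-apple"      # whatever the fake server signs with


def sign(payload: dict, key: bytes) -> dict:
    """Receipt = JSON body plus an HMAC tag standing in for Apple's signature."""
    body = json.dumps(payload, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"payload": body, "signature": tag}


def apple_server(body: str) -> dict:
    """Models Apple's verifier: status 0 only for a receipt signed under APPLE_KEY."""
    receipt = json.loads(body)
    expected = hmac.new(APPLE_KEY, receipt["payload"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, receipt["signature"]):
        return {"status": 21003}          # any non-zero status is a rejection (code assumed)
    return {"status": 0, "receipt": json.loads(receipt["payload"])}


def fake_server(body: str) -> dict:
    """Borodin-style server: a success reply for every receipt it is handed."""
    return {"status": 0, "receipt": json.loads(json.loads(body)["payload"])}


@dataclass
class Network:
    """DNS view, TLS trust store and reachable servers as seen by one host."""
    dns: dict                 # hostname -> IP this host resolves to
    trusted_cas: set          # CA names this host accepts in a TLS handshake
    servers: dict = field(default_factory=lambda: {
        APPLE_IP: ("apple-issuing-ca", apple_server),
        ATTACKER_IP: ("borodin-ca", fake_server),
    })

    def post(self, host: str, body: str) -> dict:
        ca, handler = self.servers[self.dns[host]]
        if ca not in self.trusted_cas:  # no installed CA -> handshake fails
            raise ConnectionError(f"untrusted certificate from {host}")
        return handler(body)


def device_checks_receipt(net: Network, receipt: dict) -> bool:
    """Vulnerable pattern: the app reaches 'Apple' through the device's own DNS
    and trust store and believes any status-0 answer it gets back."""
    return net.post(APPLE_HOST, json.dumps(receipt))["status"] == 0


class Backend:
    """Hardened pattern: the developer's server verifies the receipt over a
    network path the user does not control, then checks what was bought."""

    def __init__(self, net: Network, bundle_id: str):
        self.net, self.bundle_id, self.seen = net, bundle_id, set()

    def grant(self, receipt: dict, product_id: str) -> bool:
        resp = self.net.post(APPLE_HOST, json.dumps(receipt))
        if resp.get("status") != 0:
            return False
        r = resp["receipt"]
        if r.get("bundle_id") != self.bundle_id or r.get("product_id") != product_id:
            return False                  # receipt for another app or item
        if r["transaction_id"] in self.seen:
            return False                  # replayed receipt
        self.seen.add(r["transaction_id"])
        return True


BUNDLE, PRODUCT = "com.example.game", "com.example.game.gold100"  # constructed


def run_scenarios() -> dict:
    normal = Network({APPLE_HOST: APPLE_IP}, {"apple-issuing-ca"})
    # Device after the published setup: DNS sends Apple's host to the fake
    # server and its CA is trusted because the profile was installed.
    hijacked = Network({APPLE_HOST: ATTACKER_IP}, {"apple-issuing-ca", "borodin-ca"})
    dns_only = Network({APPLE_HOST: ATTACKER_IP}, {"apple-issuing-ca"})

    purchase = {"bundle_id": BUNDLE, "product_id": PRODUCT, "transaction_id": "1000000012345678"}
    genuine = sign(purchase, APPLE_KEY)
    forged = sign(purchase, ATTACKER_KEY)
    backend = Backend(normal, BUNDLE)      # backend's DNS/trust store are its own

    out = {
        "forged_on_normal_device": device_checks_receipt(normal, forged),
        "forged_on_hijacked_device": device_checks_receipt(hijacked, forged),
        "forged_via_backend": backend.grant(forged, PRODUCT),
        "genuine_via_backend": backend.grant(genuine, PRODUCT),
        "genuine_replayed": backend.grant(genuine, PRODUCT),
    }
    try:
        device_checks_receipt(dns_only, forged)
        out["dns_only_without_ca"] = "accepted"
    except ConnectionError:
        out["dns_only_without_ca"] = "tls_failed"
    return out


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name}: {result}")
```

Two scenarios carry the lesson: `dns_only_without_ca` fails at the handshake, which is why the profile with the CA certificate is part of the procedure, and `forged_on_hijacked_device` succeeds because the app's only check is a status field coming back over a connection the user fully controls. The backend path rejects the same forged receipt because its DNS and trust store are not the user's, and the bundle, product and transaction checks cover the other direction of abuse, a real receipt for a cheap item or an already-used receipt being presented for something else.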
While this unfolds, Apple has quickly issued a statement saying it is investigating the issue:
source: i-ekb via TNW, 9to5Mac