Hacker exploits iOS flaw for free in-app purchases

A hack that lets iOS users trick the App Store into giving them in-app purchases for free has gone public, potentially costing app makers revenue and causing Apple a major headache.

The exploit was first posted Wednesday, but came into prominence early Friday, after it was publicized by several websites. (In fact, the hack has proven so popular that the server allowing it is down as of this writing due to overwhelming demand.)

Alexey V. Borodin of Russia built the in-app purchase hack, which requires several steps--including installing bogus certificates on your device and using a specially crafted DNS server. Those ingredients combine to fool apps into believing that they're communicating with the App Store, when they're actually talking to a Web server that pretends to be the App Store instead. Borodin told that his exploit works in part by faking--or "spoofing"--the code receipts that Apple issues for in-app purchases, which developers use for validation, with the iOS device configured to mistakenly believe that those receipts are coming directly from Apple.

Speaking to over instant message, Borodin claimed that because "every in-app receipt is generic" and contains no direct user data, those receipts were "easy to spoof."

So why did Borodin do this? "It's my hobby," he said. "And it's a challenge to ." That's an iOS game with a freemium model; though the game is free to download, it offers a slew of in-app purchases to unlock extra in-game options and features. Borodin disapproves. "I set this up due to hungry and lazy developers ... I was very angry to see that CSR Racing developer taking money from me every single breath." Borodin confirmed that he's comfortable with other users getting in-app purchases for free if they feel similarly about the apps they use.