Saptamana trecuta v-am spus ca un sistem numit in-appstore.com va permite sa piratati in-app purchase-urile anumitor aplicatii disponibile in App Store-ul companiei Apple. Pentru ca sistemul a devenit rapid foarte popular, cei de la Apple au cerut companiei YouTube sa stearga clipul video initial in care era demonstrata functionalitatea sistemului si a facut presiuni pentru inchiderea serverului din care functiona acesta. Hackerul rus nu s-a lasat usor, asa ca a schimbat tara care isi tine serverul si a imbunatatit sistemul, astfel ca acum toate cererile de piratare nu mai trec prin serverle Apple, iar utilizatorii trebuie sa se delogheze din Apple ID inainte de a folosi sistemul, astfel eliminandu-se eventualele suspiciuni privind furtul conturilor.
Blocking the original ‘attack’ route, Borodin sidestepped the authentication issue by migrating the service to a new server. Apple was able to pressure the host of the original server — which was located in Russia — into dropping Borodin’s service, but according to the Russian hacker, the new server is hosted in an offshore country in an attempt to evade Apple’s legal requests. Borodin tells us that the new service has been updated and cuts out Apple’s servers, “improving” the protocol to include its own authorisation and transaction processes. The new method “can and will not reach the App Store anymore, so the proxy (or caching) feature has been disabled.” The signing process has also been adapted to ensure that users cannot use Borodin’s service without first signing out of their iTunes account. The reason for this? “They [the users] need to sign out so they don’t scream to the Internet that I am stealing their credentials.”
Desi intregul sistemul functioneaza aparent fara a loga date despre piratari si informatii privind Apple ID-urile, totul se bazeaza pur si simplu pe cuvantul dat de hacker. El sustine ca Apple trebuie sa isi imbunatateasca sistemul de in-app purchase-uri, altfel el va continua sa il exploateze si de aici totul intra in jocul facut de alte website-uri asemanatoare. Cei de la Apple au la dispozitie metode de a bloca asemenea sisteme, insa ele necesita update-uri ale iOS-ului si update-uri ale aplicatiilor, deci va dura destul de mult pana cand intregul sistem va fi complet blocat.
