Last week I told you that a system called in-appstore.com allows you to hack the in-app purchases of certain applications available in The App Store the Apple company. Because the system quickly became very popular, those from Apple asked the YouTube company to delete the initial video clip in which the functionality of the system was demonstrated and put pressure to close the server from which it works. The Russian hacker did not give up easily, so changed the country that maintains its server has improved the system, so that now all hacking requests no longer go through Apple's servers, and users must log out of their Apple ID before using the system, thus eliminating any suspicions of account theft.
Blocking the original 'attack' route, Borodin sidestepped the authentication issue by migrating the service to a new server. Apple was able to pressure the host of the original server — which was located in Russia — into dropping Borodin's service, but according to the Russian hacker, the new server is hosted in an offshore country in an attempt to evade Apple's legal requests. Borodin tells us that the new service has been updated and cuts out Apple's servers, "improving" the protocol to include its own authorization and transaction processes. The new method "can and will not reach the App Store anymore, so the proxy (or caching) feature has been disabled." The signing process has also been adapted to ensure that users cannot use Borodin's service without first signing out of their iTunes account. The reason for this? "They [the users] need to sign out so they don't scream to the Internet that I am stealing their credentials."
Although the entire system apparently works without logging hacking data and Apple ID information, everything is simply based on the word given by the hacker. He claims that Apple must improve its system of in-app purchases, otherwise he will continue to exploit it and from here everything enters the game made by other similar websites. Apple has methods available to block such systems, but they require iOS updates and application updates, so it will take quite a while until the entire system is completely blocked.
