An iPhone hacker going by the name "ZonD" has figured out a way for iPhone users to make in-app purchases without paying a cent. Apple should handle the problem itself, said Thrillcall's cofounder Chad Taylor. "For the sake of the community, my hope is that Apple can address this systematically without telling each developer with in-app purchases that the solution is simply to validate all receipts."
A Russian hacker has worked out a way to make in-app purchases from iOS apps without paying.
The hacker, who goes by the handle "ZonD," has set up a website explaining the exploit and has urged Apple to contact him.
ZonD asks visitors to his site to donate money through PayPal and other means.
This "could seriously impact revenues" of app developers who offer in-app purchases if it becomes widely adopted, Chad Taylor, cofounder of Thrillcall, told MacNewsWorld. However, "the likelihood of that happening before Apple addresses it is low."
HOW IT WORKS:-
Enabling ZonD's so-called In-Appstore trick requires the user to install two security certificates and change the domain name system (DNS) record of the mobile device to WiFi settings.
In-Appstore works only when WiFi connections are used.
The certificate authority (CA) certificate must be installed first, followed by the In-Appstore.com, certificate in that order. The certificates won't have to be reinstalled the next time the user accesses the service.
The user then has to remove all data from the iDevice's DNS field and set the DNS server to this address: 91.224.160.136.
Next, the user goes to an app and "buys" items offered in it for free. If the default app store prompt asking whether the user wants to purchase the item comes up, the user has to get out and setup the In-Appstore service again.
Once the user has downloaded the item "purchased," the DNS record should be restored to its original setting.
The hacker who came with the loophole goes by the alias "ZonD80". Anyone can utilize this loophole without jail breaking their phone. All you have to do is download some security cerficates from his website and change a setting on your iPhone or iPad's Wi-fi connection.
Despite of all the cool facts associated with it, you should be careful and avoid using such steps to download the stuffs from Apples' store -- not that it's only illegal and unethical, the hack may not actually work. Moreover, downloading the software mean sharing you personal information.
There has been no official response from Apple to the attack. However, ZonD80 is looking for donations for his effort.
Check Out This Video
0 comments:
Post a Comment