App Store Bypassed by Russian Hacker without Jailbreaking

Apple is investigating yet another security breach in its iTunes App Store. A Russian hacker has worked out a way for people to bypass payment in the App Store and download products for free.

The hacker, dubbed ZonD80, posted a video of the crack on YouTube (since removed by YouTube) and claims that the technique makes it possible to beat Apple's payment systems by installing a couple of certificates and assigning a specific IP address to the device.

The new service, which has already been subject to attempts at shutting it down, requires no jailbreaking and only minimal configuration changes. It works by funneling purchase requests through a server operated by the hacker, rather than the legitimate one offered by Apple. As a result, charges that normally would be applied to a user's account are bypassed.
 
Below are the steps to the hack:
  • Install two certificates: CA and in-appstore.com.
  • Connect via Wi-Fi network and change the DNS to 62.76.189.117.
  • Press the Like button and enter your Apple ID & password.
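
Using the above hack, you are actually stealing in-app purchase content from developers, which is kind of disturbing and is of course against the developer’s terms of service. Because the installed certificates and the changed DNS setting route purchase requests through the hacker's server, the Apple ID and password entered in the last step pass through that server as well.

ZonD80 is now asking for donations to set up a website to promote the hack. "Why you must to pay for content, already included in purchased app? I think, you must not," he said.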


Apple has responded with the following statement: “The security of the App Store is incredibly important to us and the developer community,” said Apple representative Natalie Harrison. “We take reports of fraudulent activity very seriously and we are investigating.”


About Me

Saint Andrew is a computer science student. Saint Andrew is a founder of the blog Saint Andrew's Hacking Paradise.

His mission and the aim of this blog is to make the reader aware of existing threats and describe them in a comprehensible way.

"Saint Andrew's Hacking Paradise" is a place to Learn, Understand and Explore the facts of computer technology.

You are always welcome to contact us to suggest ideas, tips, or to ask questions.

© 2011 Saint Andrew's Hacking Paradise
