iOS In-App Purchases Hacked, Content Available For Free

Chris Knight

 Actually, for "hacked" read "redirected", as a Russian malcontent shows off a simple DNS change that can give Apple users free content from many iPhone and iPad apps, all without the need for jailbreaking or advanced cracking skills. 

Go Redirect To Jail

Annoyed over having to constantly pay for downloaded content in games and apps on his iPhone, a Russian hacker has created a trick to avoid paying for them. His workaround uses a cunningly-crafted server that he hosts. He then changes the device's DNS settings, which redirects all attempts to make content purchases to this server.

The server tells the device a payment has been made, so the download continues, without the end-user having to do anything apart from knowing the DNS address. With this exploit out in the wild (Apple has closed down his original YouTube and other posts, but it is out there), expect criminal gangs to rapidly offer cheap access to such addresses to rake in the cash before Apple can fix the problem.

Apple On the Case

One crumb of solace for Apple is that this trick only works on some applications, as there are two ways of enabling in-app purchases in iOS, and the hacker's method only works for one of these. However, Apple has to patch iOS pretty quickly, likely requiring a full user update to stop the rot.

According to MacWorld, who ran the story, Apple has responded with a vanilla statement: "The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously, and we are investigating."

Learning Opportunities

A change in how in-app purchases are handled will be needed, which could see potentially tens of thousands of apps in need of an update, either to the more secure method or to a new one. A full iOS update might be rushed out in advance of iOS 6.0 if this proves to be a major problem.

In the meantime, app creators could rapidly start to lose revenue and Apple will have to muscle through its updates, which could end up annoying far more people than this issue affects. With new Apple hardware on the way, the company will want this issue solved quickly. 

