w********1
发帖数: 3492 | 1 Fri, 13 Jul 2012 07:10:33 PDT
As noted by 9to5Mac, a Russian hacker has developed a relatively simple
method to allow users to bypass Apple's In App Purchase mechanism on many
iOS apps, allowing users to obtain the content for free.
Alternate In App Purchase confirmation button seen on hacked devices
The method, which does not require jailbreaking, involves installing a pair
of certificates on the user's device and then using a custom DNS entry.
Users can then perform in-app purchases as usual and automatically be
redirected through the hacked system.
Aside from the obvious impact that the hack involves theft of content from
developers, the method also poses risks to those using the hack, as some of
their own information is transmitted to the hacker's servers during the
purchasing process. For both of those reasons, users are strongly advised
not to pursue the method.
The hacker has already been evicted from his original host and had
reportedly moved to a new one, but the site is currently down. It is
unclear whether it is down simply due to high traffic or if other steps are
being taken to hinder his activities.
Developers can prevent the hack from working with their apps by implementing
validation of In App Purchase receipts, something many developers have not
included in their apps. |
|
