Russian Apple Hacker No Longer Invincible

Karloff




Apple thinks it has a solution to the Borodin App Store hack, but it's not foolproof yet.

"Currently game is over," Russian hacker Alexey Borodin admitted a short while ago [http://www.in-appstore.com/2012/07/its-all-over-for-now.html] when his scheme to bypass the iOS store's microtransaction process turned free-to-play games like Angry Birds into free games. Now Apple has a counter to Borodin's scheme, though it will take an update to iOS6 to make the counter foolproof.

No doubt Borodin's feeling a little depressed [http://www.youtube.com/watch?v=Tl0LZsyi_tA], as Apple's response is fairly comprehensive. At the moment it relies on users updating their apps regularly, and once they do the fake purchases implemented via Borodin's servers will be wiped from the users' systems. In theory this can be averted if the user never updates, which is why the counter isn't entirely effective yet. However, Apple intends to shut this loophole down for good in iOS6, which means that Borodin's hack is living on borrowed time.

Apple's response [http://developer.apple.com/library/ios/#releasenotes/StoreKit/IAP_ReceiptValidation/_index.html#//apple_ref/doc/uid/TP40012484] to concerned developers has been to push the responsibility for checking receipts on to them. Apple's "best practice" for validating receipts is to "send the receipt to your server, and have your server perform the validation with the App Store server." This is something that developers haven't all been keen to do, since it requires infrastructure investment on their part that can be more than they can afford.

Borodin isn't defeated yet. The iOS6 update isn't due until autumn, and according to him there may also be a way to spoof Apple's Newsstand app [http://www.apple.com/ipad/from-the-app-store/newsstand.html]. This app - used by newspapers like the New York Times - allows users to access daily magazine and news content, usually for a fee. Though Borodin has yet to prove it, he's hinted that he's found a way around the fee part of the process; now there's a happy little nightmare for the cash-strapped New York Times to chew over.

Apple still hasn't said whether or not developers affected by Borodin's hack will be compensated for their losses.

Source: Guardian [http://www.guardian.co.uk/technology/2012/jul/23/apple-ios-hack-developers-fix]
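
The server-side receipt validation quoted in the article above ("send the receipt to your server, and have your server perform the validation with the App Store server"), as an added example that is not part of the original post and is not Apple's code. The HTTPS call to the App Store is passed in as `post_to_store` so the block runs offline against a constructed stand-in; the bundle and product identifiers are hypothetical, and the field names (`receipt-data`, `status`, `bid`, `product_id`, `transaction_id`) are assumed from the legacy receipt format.

```python
import base64

APP_BUNDLE_ID = "com.example.game"                 # hypothetical app identifier
KNOWN_PRODUCTS = {"com.example.game.coins100"}     # hypothetical product catalogue


def validate_purchase(receipt_bytes, claimed_product, post_to_store, seen_transactions):
    """Server-side check of a receipt uploaded by the app. Returns (ok, reason).

    post_to_store(payload) stands in for the HTTPS POST to the App Store
    validation endpoint and must return the decoded JSON reply as a dict.
    """
    payload = {"receipt-data": base64.b64encode(receipt_bytes).decode("ascii")}
    try:
        reply = post_to_store(payload)
    except Exception:
        return False, "store unreachable"          # fail closed: never grant on error
    if not isinstance(reply, dict) or reply.get("status") != 0:
        return False, "store rejected receipt"
    receipt = reply.get("receipt") or {}
    if receipt.get("bid") != APP_BUNDLE_ID:
        return False, "receipt belongs to another app"
    product = receipt.get("product_id")
    if product != claimed_product or product not in KNOWN_PRODUCTS:
        return False, "product mismatch"
    txn = receipt.get("transaction_id")
    if not txn or txn in seen_transactions:
        return False, "transaction already redeemed"
    seen_transactions.add(txn)                     # persist this in a real database
    return True, "ok"


def fake_store(payload):
    """Constructed offline stand-in for the App Store; all replies are sample data."""
    raw = base64.b64decode(payload["receipt-data"])
    item = {"product_id": "com.example.game.coins100", "transaction_id": "1000000001"}
    if raw == b"constructed-genuine-receipt":
        return {"status": 0, "receipt": dict(item, bid="com.example.game")}
    if raw == b"constructed-other-app-receipt":
        return {"status": 0, "receipt": dict(item, bid="com.example.other")}
    return {"status": 21002}                       # nonzero status: receipt not accepted


if __name__ == "__main__":
    seen = set()
    for blob in (b"constructed-genuine-receipt", b"constructed-genuine-receipt",
                 b"constructed-other-app-receipt", b"made-up-by-client"):
        print(blob, validate_purchase(blob, "com.example.game.coins100", fake_store, seen))
```

The content is unlocked only on a `(True, "ok")` result, so a receipt the store does not vouch for, one issued for a different app, or one already redeemed grants nothing.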


 

Scrythe

The Newsstand thing wouldn't be such a "nightmare" if damn-near everything on there wasn't a $15 a month subscription.

For a digital newspaper/magazine.

Yeah, that makes total sense.
 

XDravond

Clearing the Eye said:
Wonder how much money his "hack" costs Apple.
Depends on how you count, amount yea might be a fair amount of $/£/?/whatever but if you count compared to Apple's income well maybe 1-2% of their monthly winnings... ;-)
 

McMullen

Is Alexey Borodin his real name? I thought it wasn't a good idea for hackers to use their actual names, or have blogs discussing their work.

Seems kind of like being a world-famous spy.
 

icythepenguin

McMullen said:
Is Alexey Borodin his real name? I thought it wasn't a good idea for hackers to use their actual names, or have blogs discussing their work.

Seems kind of like being a world-famous spy.
The Russian government won't do anything to him for screwing with an American company and they certainly won't give him up to the Americans. So he's safe and sound giving out his name and blogging about it.
 

Gilhelmi

I say acts like this should be considered on the same level as illegal drug sales. I am not a big fan of the UN at times, but this is the type of stuff that they could be getting involved with. Pressure Russia to take action against criminals stealing others' property.

LONG LIVE THE INTERNET, DOWN WITH PIRACY!!!
 

NightHawk21

Gilhelmi said:
I say acts like this should be considered on the same level as illegal drug sales. I am not a big fan of the UN at times, but this is the type of stuff that they could be getting involved with. Pressure Russia to take action against criminals stealing others' property.

LONG LIVE THE INTERNET, DOWN WITH PIRACY!!!
You mean you want America (not the UN) to go to Russia (someone who was for a long time the enemy) and ask nicely to stop taking its things without asking.

I will say this hacker is quite hilarious, but I think a large part of it is because the target is Apple who for the longest time ran their mouth about how secure every one of their products was.
 

-|-

Gilhelmi said:
I say acts like this should be considered on the same level as illegal drug sales.
It already is. That is if by the "same level" you mean a long and pointless campaign that will have no effect whatsoever on demand.
 

Strazdas

McMullen said:
Is Alexey Borodin his real name? I thought it wasn't a good idea for hackers to use their actual names, or have blogs discussing their work.

Seems kind of like being a world-famous spy.
Source: Guardian
Can't trust that.
 

DazBurger

Revnak said:
Your picture made my ability to see what you did there far less impressive. I am disappoint.
I see what they did there!

http://www.youtube.com/watch?v=Tl0LZsyi_tA
 

Gilhelmi

NightHawk21 said:
Gilhelmi said:
I say acts like this should be considered on the same level as illegal drug sales. I am not a big fan of the UN at times, but this is the type of stuff that they could be getting involved with. Pressure Russia to take action against criminals stealing others' property.

LONG LIVE THE INTERNET, DOWN WITH PIRACY!!!
You mean you want America (not the UN) to go to Russia (someone who was for a long time the enemy) and ask nicely to stop taking its things without asking.

I will say this hacker is quite hilarious, but I think a large part of it is because the target is Apple who for the longest time ran their mouth about how secure every one of their products was.
No, I want the UN to do it. America gets (I believe) unfairly blamed for too many things when it comes to this type of thing. Some countries (Russia included) do not give a damn if their citizens are stealing, as long as they are not stealing from other Russians. We need to find a way in this modern age for the UN to prosecute criminals that commit crimes in other countries, meaning a Russian hacker hacking a server in America could be prosecuted by the UN courts.

I still do not like the UN. Far too many of the nations are run by dictators and criminals themselves. So my plan has major FLARING, flaws. I could see the UN arresting, say Americans, who were speaking out against the UN. Violating the American Constitution but the UN does not seem that concerned with Human Rights. I see the problem with my plan, but someday we will have to figure something out.

This subject needs a great deal more thought.