In-app purchases have been a boon for app developers, creating the potential for lucrative new income streams. They also help foster ongoing app development, encouraging devs to keep offering new content in order to keep users purchasing. All that is now threatened, thanks to the discovery of an effective attack on Apple’s purchase authentication mechanism.

Unlike many iOS hacks, this one doesn’t require a jailbroken handset, as the only modifications needed to take advantage of this attack are to normal, user-configurable system options. First, the phone needs a couple custom encryption certificates installed, and then you’ll need to make some DNS modifications. The sum effect of these changes puts a hacker-controlled server in place of Apple’s computers, which is set up to authenticate any in-app purchases without taking a dime from you.

Some apps use additional authentication to verify in-app purchases, and as a result aren’t vulnerable to this attack, but a troubling number are. In light of this, we imagine that the rest will be scrambling to add such protections, but this stands to be quite the headache for developers.

Besides this all being a huge legal no-no, the hacker-run server that validates these transactions gets to learn a whole bunch of info about your phone when you connect to it, just like Apple would normally see. We’ve got a feeling these guys are a bit less trustworthy than Apple, though, so you’re probably best off staying clear.

This may all be mostly a moot point already, as Apple has reportedly contacted the server’s host and is working to get it offline. Still, if the relevant code gets released, there’s nothing stopping individuals from running their own similar servers.

Source: i-ekb (Google Translate)
Via: 9to5Mac

You May Also Like
Google Maps

Google Maps to soon show you how brightly streets are lit

A recent teardown of Google Maps v10.31.0 beta reveals that the company is planning on adding another layer to the application, called “Lighting”.
iPhone 11 review

Manufacturers are shrinking down components to make room for 5G

Apple supplier Murata Manufacturing has developed an ultrasmall version of a mainstay electronic component that would make room for other 5G tech.

Pocketnow Daily: iPhone 12 with a LARGER Qualcomm Touch ID?!(video)

On today’s Pocketnow Daily, we talk about the possibility of having Touch ID in iPhones once again, new features in the Samsung Galaxy Fold and more