Apple prides itself on putting out mobile gadgets that offer best-in-class security for both users and developers, so any news of a breach or hack inevitably comes as a surprise.
Over the past few days, online technology forums have been abuzz about how a Russian hacker, Alexy V. Borodin, who goes by the moniker ‘ZonD80’ on YouTube, has discovered a way to circumvent payments for Apple iOS’s popular ‘in-app’ purchases. This could potentially lead to losses for developers who put out free Apps (applications) for Apple devices - iPhone, iPad and Mac - hoping to earn through “in-app” purchases. This payment format has been vital to the burgeoning growth of Apps in the Apple ecosystem, as it allows users to ‘try before buying’.
The reputed Apple-watching website 9to5mac.com reported the breach on Friday (July 13), noting that Borodin’s ‘in-app’ proxy had first been noticed by a Russian technology blog. In three simple steps, the proxy enabled iOS device users to make in-app purchases for free, and it did not even require jailbreaking the devices. (‘Jailbreaking’ is the popular term for unlocking mobile devices from restrictions of use usually imposed by the manufacturer and the telecom service provider.)
Though the method to circumvent in-app purchases has been doing the rounds, mostly in technical forums on the Web, Apple has not commented beyond a very cursory statement that it takes security very seriously and is looking into the problem. Over the years, the company has gained a reputation for speaking very cautiously and very little, even in times of crisis. Its first reaction seems to have been taking down the YouTube video that showed how ‘in-app’ purchases could be made for free by circumventing Apple’s payment verification system.
The hacker, for his part, has clarified on the website http://www.in-appstore.com/ that the intention of putting out the exploit for everyone to see was to raise awareness. “I did not steal any money. Nobody lost at least one cent from their iTunes store accounts. If you are claiming, that money was stolen via in-app purchases, u're wrong. Zero in-app purchases were made in real appstore via this service. I did not hack anything. I just wrote app-store replacement. And it's a big idea to create yet another world of apple for our iDevices.”
Though news of the exploit has been out since Friday and Apple has already started acting on it, the hacker has continued to keep the heat on. In a blog post dated July 15, he promised to keep publishing ways in which Apple’s app-store system could be twisted illegally.