It seemed like things at Apple were rolling in smooth. The company was steadily receiving its daily dose of gazillion dollars, comfortably plump and lazy. But the iPad maker got a real scare… perhaps the first to interrupt its beauty sleep for quite some time.
Russian hacker Alexey Borodin hacked the purchasing system for iOS apps, making any purchases within apps free for users. Clearly alarmed, Apple got big and ugly with Borodin. First, the Cupertino Giant blocked Borodin’s IP address. Then, the company issued a takedown request for the hacker’s server and finally petitioned PayPal to close Borodin’s funding account.
The Russian hacker was no match for Apple. He just simply moved his server to another country and got a donation fund going.
Borodin has been very vocal about Apple’s lack of security measures and inadequate APIs. The Russian native uploaded a video http://www.youtube.com/watch?v=OqJppayqnfM and declared that Apple, not he, should fix the issue… Apple was actually transferring its users’ ID’s and passwords without any kind of encryption…
The technique Borodin used to implement the hack is actually quite simple. The Russian installed a certificate to emulate the verification receipt from the Apple App Store.