The hack found by Russian developer ZonD80 is present in all versions of iOS since the In-App purchase feature was introduced. It is also relatively simple to get around;
All you have to do is install a couple of certificates, (a Root CA and for the in-appstore.com)
Connect Via WiFi and change your DNS to 62.76.189.117
press the Like button and then enter your Apple ID and password.
The system relies on using a proxy (the site you just installed the certificates for) to bypass the normal Apple servers when you try to purchase items in your installed application base. ZonD80 is also asking for donations to keep the servers running and also to help fund future development. We have a feeling that the site will not last long at all once Apple finds out about it. We know that multiple sites have already contacted them about it… so we are guessing that the service will last a couple of more days and be gone.
The problem is that this flaw has existed in the system and can be used for more malicious purposes. Can you imagine if a instead of hosting free items this was about scavenging user information (and it still could be). Or if this hack gets integrated into an app that slips by Apple’s censors like an earlier SMS spam system did. This type of vulnerability is a problem across all smartphones and is more to do with a lack of imagination than poor design. How many of Apple’s or Google’s engineers imagined that someone would come up with this? I do not think that any of them did. This is the basic problem with most IT security… it is the through process that “they would never think of that” that stops proper security. We know that mobile devices are the next big target for malware and cybercrime. They are in use more than almost any other device and people have a false sense of security when using them. That combination of mass-impact and naivety make for a very ripe playground for hackers and criminals.
Discuss this in our Forum