iOS 'In-App Purchase' Hack Extended To Include Mac App Store Apps

This article is more than 10 years old.

While Apple has been furiously scrambling to fix a hack that allows users to grab 'In-App Purchases' for some iOS apps for free by bypassing Apple's authentication servers, the hacker behind the original attack has extended it to compromise purchases made from apps from the Mac App Store.

Developer Alexey Borodin has modified the trick that fooled iOS apps into accepting fake purchase receipts to allow it to give users free access to 'In-App Purchases' from Mac App Store apps too. This essentially makes all 'In-App Purchases' made from apps free, meaning the developer loses out on money.

Borodin has broken down the process into four steps:

  1. Installing a CA certificate
  2. Installing an in-appstore.com certificate
  3. Changing DNS record in the WiFi settings
  4. Running the Grim Receiper application

This process seems very similar to the iOS hack except that this one uses the tool called Grim Receiper -- top marks to Borodin for coming up with that creative name -- to keep purchase receipts stored on your Mac locally.

This attack, like the one against iOS apps, relies on the fact that Apple does not link specific purchases directly to a customer or device, which means that a single purchased receipt can be used repeatedly.

Apple has given developers a tool to help combat this problem in the iOS platform. The company made available to developers two previously private APIs that allow digital receipts to be verified. At present it is unclear whether this mechanism can be made available to Mac App Store apps.
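The receipt-reuse weakness described above can be countered on the developer's own server by recording who first redeemed each receipt. The sketch below is an added example, not Apple's API and not code from the article or from Borodin: `ReceiptLedger`, the account and device identifiers, and the sample receipts are all hypothetical, and it assumes the receipt has already been verified as genuine by the store's verification service.

```python
import hashlib
from collections import defaultdict


class ReceiptLedger:
    """Developer-side record binding each receipt to its first redeemer."""

    def __init__(self):
        self._owner = {}                  # receipt fingerprint -> (account, device)
        self._replays = defaultdict(set)  # receipt fingerprint -> other claimants seen

    @staticmethod
    def fingerprint(receipt: bytes) -> str:
        # Store a digest rather than the raw receipt blob.
        return hashlib.sha256(receipt).hexdigest()

    def redeem(self, receipt: bytes, account_id: str, device_id: str) -> str:
        fp = self.fingerprint(receipt)
        claimant = (account_id, device_id)
        # The first presenter becomes the owner; later calls compare against it.
        owner = self._owner.setdefault(fp, claimant)
        if owner == claimant:
            return "granted"              # first use, or a restore by the same owner
        self._replays[fp].add(claimant)   # keep evidence for detection and alerting
        return "rejected"

    def replayed(self) -> dict:
        """Receipt fingerprints presented by someone other than their owner."""
        return {fp: len(claimants) for fp, claimants in self._replays.items()}


def demo():
    ledger = ReceiptLedger()
    shared = b"constructed-receipt-0001"  # constructed sample, not a real receipt
    results = [
        ledger.redeem(shared, "alice", "mac-A"),   # legitimate first redemption
        ledger.redeem(shared, "alice", "mac-A"),   # same owner restoring
        ledger.redeem(shared, "bob", "mac-B"),     # same receipt, different user
        ledger.redeem(shared, "carol", "mac-C"),   # and again
        ledger.redeem(b"constructed-receipt-0002", "bob", "mac-B"),
    ]
    return results, ledger.replayed()


if __name__ == "__main__":
    print(demo())
```

A receipt that shows up in `replayed()` with a growing claimant count is a useful signal that one purchased receipt is being circulated.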

IMPORTANT NOTE: I DO NOT endorse this technique, nor do I recommend that you use it. Not only is using this mechanism unethical and stealing, it’s more than likely that Apple will find out that you’ve done this — after all, your device is tied to an Apple ID. Also, it's likely that you're sending your Apple ID and password to a third party, which could result in all sorts of mayhem.