Russian hacker's App Store fraud site adds Mac support


ZonD Eighty, the Russian hacker who brought App Store fraud to unjailbroken iPads and iPhones, has extended his "service" to OS X users.

Mac owners can now join their iDevice brethren in ripping off developers.

The procedure starts off the same way on OS X as it does on devices running iOS:

  • load and trust a fake CA (certificate authority) SSL certificate,
  • load a fake SSL certificate signed by the fake trusted authority,
  • change your DNS settings so you'll be redirected to the fake App Store.

There's one more step for OS X users:

  • install and use an app called Grim Receiper.

Apple has already publicly admitted that this is a vulnerability, and provided some workarounds for iOS programmers to protect their in-app purchases.

According to Apple, the vulnerability will be addressed in iOS 6, which is expected in October 2012.

But with just days to go until Mountain Lion (OS X 10.8) drops, a proper fix for OS X is going to have to wait for a security update.

As Chester and I made clear in the latest Chet Chat podcast, there's no inadvertent danger to users of Apple products here, only to developers.

If you get "infected" with this stuff, it's because you went out of your way to avoid paying for something you knew wasn't free - to "still developers' money", in ZonD Eighty's own words.

Developers will probably want to read the Apple Release Notes mentioned above, and to make sure they're protecting their in-app purchases as well as they can until Apple closes the door on this exploit entirely.



4 Responses to Russian hacker's App Store fraud site adds Mac support

  1. Jon Fukumoto · 1177 days ago

    I don't condone this practice, nor will I participate in it. Any App, whether it's from the App Store or the Mac App Store, I will pay for in-App purchases. By doing this hack, it denies the developer of any income they otherwise could have earned. I WILL NOT have this installed to my system, because of the inherent dangers associated with it.

    • Delta2 · 1176 days ago

      What else do you expect from a bunch of crooks?

      I hope he gets a long jail sentence and all the crooks who made illegal purchases end up paying for it. Apple will have the final laugh either way. They have done it in the past and they will do it again.

      With iOS6 updated API Zond80 said it's game over as he has no way to bypass it.

  2. Guest · 1176 days ago

    3 months for a fix for iOS? Where is the backlash? If this was WP7 or Windows the world would be up in arms.


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog