Forgot password
Enter the email address you used when you joined and we'll send you instructions to reset your password.
If you used Apple or Google to create your account, this process will create a password for your existing account.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Reset password instructions sent. If you have an account with us, you will receive an email within a few minutes.
Something went wrong. Try again or contact support if the problem persists.

Russian hacker lets you get Apple in-app purchases for free, thanks CSR Racing

This article is over 12 years old and may contain outdated information

Recommended Videos

A Russian hacker has figured out a way to get in-app purchases on iPhone and iPad for free, and it doesn’t involve jailbreaking your device.

What’s more, the hacker, Alexey Borodin, has released the information over the internet. Meaning, if you were so inclined, you could try to get something for nothing yourself.

Borodin has created a server, which he hosts himself, tricking your device into thinking that payment for the in-app purchase (IAP) has been made legitimately. You’ll need to chance your DNS settings for it to work, but various users across the net are reporting success with Borodin server.

Borodin explains that CSR Racing was the catalyst for his desire to hack the system.

“I set this up due to hungry and lazy developers,” Borodin said. “I was very angry to see that CSR Racing developer taking money from me every single breath.”

I play CSR Racing and I see his point, the microtransaction policy implemented in that game does the straddle the boundary between acceptable and a piss-take.

There are currently two ways for app developers to integrate IAPs into their software, and Borodin’s system is only able to bypass one of them. Although, he does promise that a future project will unlock IAPs in all apps.

In a statement, Apple said that it is “investigating” the breach and will likely need to change the methods developers use to validate IAPs.


PC Invasion is supported by our audience. When you purchase through links on our site, we may earn a small affiliate commission. Learn more about our Affiliate Policy
Author