Exploiting iTunes Store App Purchase flow

Virtual credit cards are in heavy use these days, mostly among first-time credit card users who are reluctant to use a regular card for fear of data theft. Well, I was also one of them and first started using one with HDFC Bank, which led to the following exploit.
This vulnerability is due to the use of virtual credit cards, which Apple might not have considered much while documenting its software.

For the dummies out there:


Virtual credit cards are short-term credit cards that last for about 24 hours online; after that period the card numbers become useless. Because they are much more secure, most banks worldwide provide this facility.


Now, for exploiting this vulnerability, you'll need a dummy Apple ID (not your regular Apple ID) and a virtual credit card (having the least possible amount in it, ~$1).

According to the iTunes app purchase flow, it does not debit money from your account until the application, movie or song has been downloaded completely.

Preparing 

Keep your dummy account and virtual credit card ready. Also note that after this hack you'll not be able to use this dummy account again, so again, better not use your original account.
Sign in to the iTunes Store with this dummy account.

Exploiting

For downloading multiple apps, limit your download speed to the minimum; I suggest you keep it at about 50 kbps. After this, purchase your first application. As it is paid, it'll ask for your credit card if you haven't entered it earlier.
Enter your credit card details, and shortly your download will begin.
Now, as soon as it begins, pause your download and purchase another app; after it starts downloading, pause it (don't worry, you won't lose it).
You can do this for all the other applications that you'd like to download.
Once your wishlist is complete, set your internet download speed to the maximum and start downloading all the apps one by one.
**Note this down: start the next download just before the former download completes (this is an important step).**

So now you officially have hundreds of paid iOS applications (it does depend on your download speed). If you are carrying out this process on a desktop, all your apps are saved onto your desktop. And if on an iPhone, be sure to sync it to your desktop in order to save your downloads.

After your downloads complete, iTunes will display a message saying there is something wrong with your credit card. Just ignore it and sign out of your Apple ID. The next time you log in with this dummy Apple ID, you won't be able to use it. You'll keep on getting an error for your faulty credit card.

Illustration by suka-strife.tumblr.com


What Apple can do to fix it

  • Allow downloading only a couple of paid apps at a time.
  • First check the credit limit of the credit card before serving (this method at this time is highly complex).
  • If connected to the internet, check the viability of the applications installed.
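
A sketch of the first two fixes in the list above, as an added example (not Apple's code and not from the original post): the store places an authorization hold for the full price before any download is allowed, and caps how many purchases may sit authorized but uncaptured. `Card`, `Store`, `MAX_PENDING` and the prices are hypothetical, constructed for illustration.

```python
from dataclasses import dataclass, field

MAX_PENDING = 2  # assumed cap on purchases authorized but not yet captured

class Declined(Exception):
    pass

@dataclass
class Card:
    """Constructed stand-in for the card issuer."""
    available_cents: int
    holds: dict = field(default_factory=dict)

    def authorize(self, order_id, amount):
        # Reserve the full price up front; fail if the card cannot cover it.
        if amount > self.available_cents:
            raise Declined(order_id)
        self.available_cents -= amount
        self.holds[order_id] = amount

    def capture(self, order_id):
        # Settle a hold placed earlier; the funds are already reserved.
        return self.holds.pop(order_id)

@dataclass
class Store:
    card: Card
    pending: set = field(default_factory=set)

    def purchase(self, order_id, price_cents):
        if len(self.pending) >= MAX_PENDING:
            return "rejected: too many unsettled purchases"
        try:
            self.card.authorize(order_id, price_cents)
        except Declined:
            return "rejected: card declined"
        self.pending.add(order_id)
        return "download allowed"

    def download_complete(self, order_id):
        self.card.capture(order_id)
        self.pending.discard(order_id)

def demo():
    low = Store(Card(available_cents=100))      # card loaded with about $1
    low_results = [low.purchase(f"app{i}", 99) for i in range(3)]
    funded = Store(Card(available_cents=1000))
    funded_results = [funded.purchase(f"app{i}", 99) for i in range(3)]
    funded.download_complete("app0")            # settling frees a slot
    funded_results.append(funded.purchase("app2", 99))
    return low_results, funded_results
```

With the hold taken at purchase time, pausing a download no longer defers the check on available funds: the second purchase on the low-balance card is declined before any content is served.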
This exploit seems to work on all virtual stores (not Amazon) that follow this app purchase flow. I think it might work on Google Play stores; I haven't tested it yet.