Current Event: iTunes Gift Voucher Hacked?

By Tim Crossley at 5:31 pm on March 13, 2009Comments Off on Current Event: iTunes Gift Voucher Hacked?

Many online news agencies are reporting that a Chinese group of hackers have broken Apple’s iTunes Gift Voucher code generator. The original story seems to come from Outdustry, a Chinese music industry website, and tells of $200 gift certificates being sold for as low as $2.60. The same article tells of how the seller freely stated that the certificates were generated via a key generator.

However, the information we have is nowhere near enough to show that the certificate generating algorithm has been cracked. For one, despite the large number of new sites reporting the break, all that I’ve seen can be traced back to Outdustry. Before I saw this story, I had never heard of the site Outdustry, and given that it just looks far more like a blog than a credible news source, I must say I am skeptical of the validity of this story. As for the cheap vouchers, they may or may not have been generated by hackers. Perhaps they were bought with stolen credit card information.

Lastly, there is more to an iTunes gift certificate, or any digital gift certificate, than just a number. The agency in charge of redeeming certificates must validate each one. If the validation was entirely contained within the gift code, then there would be nothing to stop the same certificate being used multiple times. No, no matter how the keys are generated, Apple must have some way of telling used certificates from good certificates.

This raises an interesting point. If we assume that the Chinese certificates have been created by a key generator, and if those certificates work to on the iTunes store, then one of two things happened. Either the keygen created a key already in use, but not yet redeemed, or the default state for a certificate is “valid.” I count the first case as very unlikely, and the second case would be almost criminal in its exploitability.

Overall, I don’t believe any such cracking of the iTunes gift certificate format took place. Stolen money/credit cards could explain the cheap, under the table deals on certificates.

Original Source: Outdustry

Filed under: Current EventsComments Off on Current Event: iTunes Gift Voucher Hacked?

Comments are closed.