Security Researcher Swindles Apple Out Of $2.5 Million - Here's The Full Story
Roskin-Frazee identified a vulnerability in Apple's backend system, known as Toolbox, and then launched an escalation attack to steal goods worth around $2.5 million from the company's backend.

A notable security researcher, recognised even by Apple for uncovering vulnerabilities, has allegedly deceived the tech giant, stealing products valued at approximately $2.5 million through fraudulent means.

In an ironic turn of events, Noah Roskin-Frazee, affiliated with ZeroClicks Lab, received appreciation from Apple for his role in identifying a security flaw. Apple expressed gratitude, stating, “We would like to acknowledge Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) for their assistance.”

But by the time Apple thanked him, Roskin-Frazee, as reported by 404Media, had already been arrested for scamming Apple out of $2.5 million by stealing iPhones, Macs, and even gift cards.

How did he manage to pull it off?

Roskin-Frazee had identified a vulnerability in Apple’s backend system known as Toolbox. Then, collaborating with Keith Latteri, another researcher, he executed an escalation attack on the company’s backend. Following a series of steps, they gained access to Toolbox.

They even got access to an employee account of a third-party company that was helping Apple with customer support. Then, under false identities, the duo placed orders for various Apple products, manipulating the sum payable to zero dollars. This allowed them to procure iPhones, laptops, and gift cards without any cost.

This is certainly a bizarre case, especially because Apple thanked him two weeks after his arrest. The report also said that one of the two researchers went on to extend the AppleCare subscription for himself and his family, allegedly revealing their identity.
