Security expert turns out to be a scammer, used Apple’s bug to rob the company of $2.5 million

In a surprising twist, a security researcher who is usually praised for helping Apple detect software problems reportedly exploited a massive security hole to scam the company out of $2.5 million.

Noah Roskin-Frazee, who worked at ZeroClick’s lab, was previously thanked by Apple for helping find problems with their software. But now, according to a report by 404 Media, he has been accused of using a loophole in an Apple system called Toolbox to carry out a major hack.

Here’s how it happened: Noah and his friend Keith reportedly found a way to break into Toolbox, where Apple manages orders placed on hold. They did this by impersonating a different company that helps Apple with customer service and then using that access to enter Apple’s systems.

“During the course of the scheme, defendants and co-conspirators attempted to fraudulently obtain more than $3 million in Company A [Apple] products and services through more than two dozen fraudulent orders,” the indictment states. It says that for orders that were fulfilled, the defendants received approximately $2.5 million in electronic gift cards and more than $100,000 in “products and services.” “The indictment states that many of these gift cards and products were then sold to third parties,” the report noted.

Once they were inside, they started messing with the orders. They reduced the prices to zero and added extra items without paying. They even got gift cards without spending any money, which they could either use themselves or sell for a profit.

The weirdest part? Even though they were trying to cover their tracks by using fake names and addresses, one of them apparently used the system to extend his AppleCare contract for himself and his family.

This whole situation is a huge deal because it’s not just about the money Apple lost. It’s also about trust. People like Noah are expected to help keep Apple’s systems secure, not exploit them for personal gain.

