A prominent security researcher credited by Apple for discovering vulnerabilities allegedly tricked the tech giant into fraudulently stealing approximately $2.5 million worth of products.
Ironically, ZeroClicks Labs’ Noah Roskin-Frazee was praised by Apple for his role in identifying security vulnerabilities. Apple expressed its gratitude, saying: “We would like to thank Noah Roskin-Frazee and Professor J (ZeroClicks.ai Labs) for their help.”
But according to 404Media, by the time Apple thanked him, the man had been arrested for stealing iPhones, Macs and even gift cards to defraud Apple out of $2.5 million.
How did he succeed?
Roskin-Frazee discovered a vulnerability in Apple’s backend system Toolbox. They then teamed up with another researcher, Keith Latteri, to perform an escalating attack on the company’s backend. Then, through a series of steps, they gain access to Toolbox.
They even accessed employee accounts at a third-party company that helps Apple provide customer support. The two then used their false identities to place orders for various Apple products, manipulating the amounts due to zero dollars. This allows them to purchase iPhones, laptops and gift cards for free.
It’s a strange case indeed, especially since Apple thanked him two weeks after his arrest. The report also said that one of the two researchers also continued to extend Apple Care subscriptions for himself and his family, allegedly leaking their identities.
Follow us on Google news ,Twitter , and Join Whatsapp Group of thelocalreport.in
