
Security Researcher Allegedly Exploited Internal Apple Tool to Steal Millions


A security researcher who reported bugs to Apple was arrested in January for defrauding the company out of millions of dollars, according to a report from 404 Media.

The researcher, Noah Roskin-Frazee, was accused, alongside a co-conspirator, of obtaining over $3 million in products and services through more than two dozen fraudulent orders. That included around $2.5 million in gift cards and over $100,000 in “products and services.”

While Apple is not explicitly named in the court records, an unnamed “Company A” is located in Cupertino, California, and is clearly Apple. The court mentions that one of the perpetrators used gift cards to “purchase Final Cut Pro on Company A’s App Store,” and Apple is the only company that sells the software.

In 2019, Frazee and his accomplice used a password reset tool to gain access to an employee account that belonged to an unnamed “Company B,” which does customer support for Apple. That account led to access to additional employee credentials, and Frazee accessed Company B’s VPN servers. From there, Frazee was able to get into Apple’s systems, placing fraudulent orders for Apple products.

He used Apple’s “Toolbox” program that could be used to edit orders after they were placed, and he changed order values to zero, added products to orders, and extended AppleCare contracts. He abused Apple’s program from January to March 2019.

The defendants remoted into computers located in India and Costa Rica as part of the scheme, the indictment adds. The scam itself involved changing order monetary values to zero, adding products such as phones and laptops to existing orders without cost, and extending existing service contracts, the indictment adds. That included extending a customer service contract that was associated with one of the defendants and his family for an extra two years without paying.

Apple thanked Frazee in a January support document for finding several bugs in macOS Sonoma, and the document was published less than two weeks after he was arrested. “We would like to acknowledge Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) for their assistance,” reads Apple’s page in reference to a Wi-Fi vulnerability.

Frazee has been charged with wire fraud, mail fraud, conspiracy to commit wire fraud and mail fraud, conspiracy to commit computer fraud and abuse, and intentional damage to a protected computer. He will be required to forfeit all of the stolen goods, and he could be sentenced to more than 20 years in jail if convicted.


Source: https://www.macrumors.com/2024/02/07/security-researcher-apple-theft/