New Delhi: In a stunning turn of events, a prominent security researcher who had previously been recognized by Apple for their contributions in uncovering vulnerabilities now finds themselves at the center of controversy. Accusations have surfaced alleging that this individual engaged in deceptive practices to defraud the tech giant, purportedly acquiring products worth approximately $2.5 million through fraudulent means.
Noah Roskin-Frazee, who is associated with ZeroClicks Lab received recognition from Apple for helping identify a security flaw. Apple thanked Noah Roskin-Frazee and Prof. J. from ZeroClicks.ai Lab for their assistance. (Also Read: Google Takes Action Against Misinformation In Europe; Check Details)
However, according to 404Media, the individual had already been arrested for allegedly scamming Apple out of $2.5 million by stealing iPhones, Macs, and gift cards by the time Apple expressed gratitude towards them. (Also Read: A Comprehensive Tech Guide For Valentine’s Day)
The Breach: How Roskin-Frazee and Latteri Exploited Apple’s System
Roskin-Frazee discovered a vulnerability in Apple’s backend system called Toolbox. Working together with Keith Latteri, another researcher, they performed an escalation attack on the company’s backend. After a series of steps they managed to gain access to Toolbox.
They even got access to an employee account of a third-party company that was helping Apple with customer support. Then, under false identities, the duo placed orders for various Apple products, manipulating the sum payable to zero dollars. This allowed them to procure iPhones, laptops, and gift cards without any cost.
They even accessed an employee account of a third-party company assisting Apple with customer support. Using false identities, they placed orders for various Apple products, manipulating the payable sum to zero dollars. This enabled them to obtain iPhones, laptops, and gift cards without any cost.
This case presents a startling sequence of events, particularly with Apple expressing gratitude to the individual just two weeks after their arrest. Furthermore, reports indicate that one of the researchers took further audacious steps by extending an Apple Care subscription for themselves and their family, potentially exposing their identity in the process.
