[ad_1]
New Delhi,UPDATED: February 8, 2024 09:59 IST
In a surprising twist, a security researcher who is often praised for helping Apple find software problems allegedly exploited a major security hole to defraud the company out of $2.5 million.
Apple had previously thanked Noah Roskin-Frazee, who works at ZeroClicks Lab, for his help finding problems with its software. But now, he’s in trouble for using a loophole in Apple’s system called Toolbox to pull off a huge scam, according to a report from 404 media.
Here’s how it happened: Noah and his friend Keith supposedly found a way to sneak into the Toolbox, which is where Apple manages orders that are on hold. They did this by tricking a different company that helps Apple with customer service and then used that access to get into Apple’s system.
“During the course of the scheme, the defendant and co-conspirators attempted to fraudulently obtain more than $3 million in products and services from Company A (Apple) through more than two dozen fraudulent orders,” the statement reads. accusation. For the orders that were completed, the defendants obtained about $2.5 million in electronic gift cards and more than $100,000 in “products and services,” he adds. Many of these gift cards and products were then resold to third parties, the indictment says,” the report mentions.
Once inside, they began to mess with the orders. They changed the prices to zero and added extra things without paying for it. They even got free gift cards, which they could use themselves or sell for profit.
The weirdest part? Even though they were trying to cover their tracks using fake names and addresses, one of them apparently used the system to extend their AppleCare contract for themselves and their family.
This whole situation is important because it’s not just about the money Apple lost. It’s also about trust. People like Noah are supposed to help keep Apple’s systems secure, not take advantage of them for personal gain.
As investigations continue, everyone involved is waiting to see what happens next.