Security Researcher Swindles Apple Out Of $2.5 Million – Here’s The Full Story – News18

0
12
Security Researcher Swindles Apple Out Of $2.5 Million – Here’s The Full Story – News18


Turns out, even Apple can get scammed.

Roskin-Frazee recognized a vulnerability in Apple’s backend system, generally known as Toolbox, after which launched an escalation assault to steal items value round $2.5 million from the corporate’s backend.

A notable safety researcher, recognised even by Apple for uncovering vulnerabilities, has allegedly deceived the tech large, stealing merchandise valued at roughly $2.5 million via fraudulent means.

In an ironic flip of occasions, Noah Roskin-Frazee, affiliated with ZeroClicks Lab, obtained appreciation from Apple for his position in figuring out a safety flaw. Apple expressed gratitude, stating, “We would like to acknowledge Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) for their assistance.”

But by the point Apple had thanked him, the particular person, as reported by 404Media, had already been arrested for scamming Apple out of $2.5 million by stealing iPhones, Macs, and even reward playing cards.

How did he handle to tug it off?

Roskin-Frazee had recognized a vulnerability in Apple’s backend system generally known as Toolbox. Then collaborating with Keith Latteri, one other researcher, they executed an escalation assault on the corporate’s backend. Subsequently, following a collection of steps, they gained entry to Toolbox.

They even bought entry to an worker account of a 3rd-get together firm that was serving to Apple with buyer help. Then, below false identities, the duo positioned orders for numerous Apple merchandise, manipulating the sum payable to zero {dollars}. This allowed them to obtain iPhones, laptops, and reward playing cards with none price.

This is definitely a weird case, particularly as a result of Apple thanked him two weeks put up his arrest. The report additionally stated that the one of many two researchers additionally went on to increase the Apple Care subscription for himself and his household, allegedly revealing their id.



Source hyperlink