Jakarta –
A researcher who had helped Apple identify security holes instead exploited one of the loopholes to steal from Apple. The security researcher's actions cost the iPhone manufacturer millions of dollars.
Noah Roskin-Frazee, a security researcher from ZeroClicks Lab, collaborated with another researcher named Keith Latteri to exploit Apple’s system and make off with more than USD 3 million or around Rp. 46 billion through dozens of fake orders.
The amount taken included USD 2.5 million in gift cards and more than USD 100,000 in products and services. The fraud scheme ran from January to March 2019.
According to a 404 Media report, Roskin-Frazee discovered a security flaw in Apple’s backend system called Toolbox. This system is used to hold orders, and while they are on hold they can be edited.
Roskin-Frazee and Latteri are said to have used escalation attacks to access these systems. First, they used a password reset tool to access the accounts of employees working at Company B. The company was known to be a third-party consumer services provider for Apple.
The account was used to access other accounts at Company B, one of which provided access to the VPN server. From there, they could access Apple's Toolbox system.
After that, they created a fake order using a fake name, and used the Toolbox system to change the amount to be paid to USD 0. They also added Apple devices, such as iPhones and Macs, to those orders so they could get those products without paying any fees.
Roskin-Frazee and Latteri also made fake orders for gift cards and extended AppleCare contracts for two years without paying. It was the extension of the AppleCare contract that led to their actions being discovered, because one of Roskin-Frazee and Latteri used his real name in the order.
Despite this, Apple had previously thanked Roskin-Frazee for finding several security holes in macOS Sonoma. The thanks were given less than a week after Roskin-Frazee was arrested for his fraud, as quoted from MacRumors, Thursday (15/2/2024).
Roskin-Frazee was charged with wire fraud, mail fraud, conspiracy to commit wire fraud and mail fraud, conspiracy to commit computer fraud and misuse, and intentional damage to a protected computer.
Roskin-Frazee will be asked to return all the stolen items. If found guilty, he faces a prison sentence of more than 20 years.
(vmp/fay)
2024-02-15 15:35:51