A security researcher who has reported multiple vulnerabilities to Apple has been charged with allegedly breaking into a system connected to Apple’s backend, according to 404 Media (a subscription is required to read the entire article).
He then used that access to defraud the tech giant out of US$2.5 million worth of gift cards and electronics, according to recently unsealed court records. Interestingly, 404 Media says that Apple explicitly thanked the defendant, Noah Roskin-Frazee, in a security update document on January 22, nearly two weeks after he was arrested. An alleged co-conspirator was also charged.
From 404 Media: The defendants remoted into computers located in India and Costa Rica as part of the scheme, the indictment adds. The scam itself involved changing order monetary values to zero, adding products to existing orders without cost such as phones and laptops, and extending existing service contracts, the indictment adds. That included extending a customer service contract that was associated with one of the defendants and his family for an extra two years without paying.
In the aforementioned security update document, Apple said, “We would like to acknowledge Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) for their assistance.”
