According to online sources, researcher Noah Roskin-Frazee, who was searching for vulnerabilities in Apple products, was arrested last month. He is accused of stealing goods and services worth more than $3 million from the company during his collaboration with the IT giant. Together with an accomplice, Frazee stole Apple gift cards worth $2.5 million, company goods worth $100 thousand, etc.
Apple is not directly mentioned in the court documents. Along with this, “Company A” appears there, located in Cupertino, California. It also mentions that one of the alleged criminals used gift cards to purchase Final Cup Pro on the App Store, and Apple is the only company selling the app.
In 2019, Frazee and an accomplice reportedly used a password reset tool to gain access to the account of an employee of an unnamed “Company B,” which handles Apple customer support. Due to this, they gained access to additional employee credentials and VPN servers of “Company B”. With their help, Frazee was able to penetrate Apple’s systems and place fraudulent orders for the company’s products.
The scammer used the Toolbox utility, which allows you to edit orders after they are placed. With her help, Frazee reset the cost of orders, added new items to orders and extended his AppleCare insurance. Fraudulent activity using Toolbox occurred between January and March 2019. It was also established that the defendants connected to computers located in India and Costa Rica, and their main goal was to reset the value of orders and add new products to them, including smartphones and laptops.
Interestingly, in January of this year, Apple thanked Frazee for discovering several vulnerabilities in macOS Sonoma, and this document was published less than two weeks after the arrest of the researcher. Frazee faces multiple fraud charges and faces more than 20 years in prison if convicted.