Security Researcher Allegedly Exploited Internal Apple Tool to Steal Millions

by

A security researcher who reported bugs to Apple was arrested in January for defrauding the company out of millions of dollars, according to a report from 404 Media.

bug security vulnerability issue fix larry
The researcher, Noah Roskin-Frazee, was accused alongside a co-conspirator obtaining over $3 million in products and services through more than two dozen fraudulent orders. That included around $2.5 million in gift cards and over $100,000 in "products and services."

While Apple is not explicitly named in the court records, an unnamed "Company A" is located in Cupertino, California, and is clearly Apple. The court mentions that one of the perpetrators used gift cards to "purchase Final Cut Pro on Company A's App Store," and Apple is the only company that sells the software.

In 2019, Frazee and his accomplice used a password reset tool to gain access to an employee account that belonged to an unnamed "Company B," which does customer support for Apple. That account led to access to additional employee credentials, and Frazee accessed Company B's VPN servers. From there, Frazee was able to get into Apple's systems, placing fraudulent orders for Apple products.

He used Apple's "Toolbox" program that could be used to edit orders after they were placed, and he changed order values to zero, added products to orders, and extended AppleCare contracts. He abused Apple's program from January to March 2019.

The defendants remoted into computers located in India and Costa Rica as part of the scheme, the indictment adds. The scam itself involved changing order monetary values to zero, adding products to existing orders without cost such as phones and laptops, and extending existing service contracts, the indictment adds. That included extending a customer service contract that was associated with one of the defendants and his family for an extra two years without paying.

Apple thanked Frazee for in a January support document for finding several bugs in macOS Sonoma, and the document was published less than two weeks after he was arrested. "We would like to acknowledge Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) for their assistance," reads Apple's page in reference to a Wi-Fi vulnerability.

Frazee has been charged with wire fraud, mail fraud, conspiracy to commit wire fraud and mail fraud, conspiracy to commit computer fraud and abuse, and intentional damage to a protected computer. He will be required to forfeit all of the stolen goods, and he could be sentenced to more than 20 years in jail if convicted.

Popular Stories

iCloud General Feature Redux

iPhone Users Who Pay for iCloud Storage Receive an All-New Perk

Thursday February 6, 2025 11:21 am PST by
If you pay for iCloud storage on your iPhone, Apple has a new perk for you, at no additional cost. iCloud+ is the official name for Apple's paid iCloud storage plans, which range from 50GB for $0.99 per month to 12TB for $59.99 per month in the United States. iCloud+ plans already come with multiple perks for free, such as Hide My Email and HomeKit Secure Video, and now there is another one...
Read Full Article
2007 iPhone

Apple Discontinuing This 18-Year-Old iPhone Feature

Saturday February 8, 2025 3:51 pm PST by
The end of an 18-year era is on the horizon for the iPhone. Apple reportedly plans to announce a new iPhone SE as soon as next week, and the device is expected to feature a full-screen design with Face ID, instead of a Touch ID home button. That means Apple will no longer sell any new iPhone models with a home button, for the first time since the original iPhone launched. The home button...
Read Full Article
iOS 18

iOS 18.4 Will Include These New Features for Your iPhone

Wednesday February 5, 2025 7:15 am PST by
iOS 18.3 was released last month, so the first iOS 18.4 beta should be coming soon. iOS 18.4 is expected to be a more substantial update for the iPhone, with several new features and changes related to Apple Intelligence and beyond. Apple's website suggests that iOS 18.4 will be released in April, following beta testing. Below, we outline what to expect from the update so far. Apple...
Read Full Article
iPhone SE 4 Single Camera Thumb

iPhone SE 4 Launching as Soon as Next Week

Thursday February 6, 2025 3:30 pm PST by
Apple's next-generation iPhone SE could debut as soon as next week with a launch to follow later in February, reports Bloomberg's Mark Gurman. Apple isn't expected to hold an event for the iPhone SE 4, and will instead unveil the device through a press release. The iPhone SE 4 is expected to have an iPhone 14-style design, with Apple eliminating the thick bezels and Touch ID Home button of...
Read Full Article156 comments
iCloud General Feature Redux

Apple Ordered by UK to Create Global iCloud Encryption Backdoor

Friday February 7, 2025 2:37 am PST by
The British government has secretly demanded that Apple give it blanket access to all encrypted user content uploaded to the cloud, reports The Washington Post. The undisclosed order is said to have been issued last month, and requires that Apple creates a back door that allows UK security officials unencumbered access to encrypted user data worldwide – an unprecedented demand not before...
Read Full Article296 comments
iOS 18

iOS 18.3.1 Update Coming Soon for iPhones

Thursday February 6, 2025 7:31 am PST by
Apple is internally testing iOS 18.3.1 for iPhones, according to our website's analytics logs, which have been a consistently reliable indicator of upcoming iOS versions. The software update should be released within the next few weeks. iOS 18.3.1 should be a minor update that addresses software bugs and/or security vulnerabilities. Apple Intelligence notification summaries for news and...
Read Full Article35 comments
Apple Leak Feature

Apple Leaker Issues Apology: 'Profound and Expensive Mistake'

Friday February 7, 2025 9:21 am PST by
Last year, we reported that Apple sued its former software engineer Andrew Aude for providing journalists with confidential information about the company's future plans, including details about the Journal app, Vision Pro headset, and more. As reported by 9to5Mac, the Superior Court of Santa Clara County on Thursday dismissed the lawsuit after Apple and Aude reached an agreement to resolve...
Read Full Article132 comments
imac video apple feature

Apple to Announce New Products Next Week

Saturday February 8, 2025 10:55 am PST by
Apple has yet to release any new devices in 2025, but at least two new products are expected to be announced next week, according to rumors. Below, we outline the new Apple products that are likely to be unveiled next week. iPhone SE 4 Apple plans to announce the long-rumored iPhone SE 4 as soon as next week, according to Bloomberg's Mark Gurman. The new iPhone SE is rumored to...
Read Full Article

Top Rated Comments

swingerofbirch Avatar
swingerofbirch
13 months ago

If found guilty, I hope he has to serve the max sentence allowed. What a scum bag.
Steve Jobs and Steve Wozniak sold blue boxes that hacked the telephone companies to allow people to make free, illegal long distance calls.

And then of course Steve Jobs was involved in the unreported backdating stock options scandal in which he tried to make off with $20 million that would have gone unreported to the IRS if Apple hadn't finally come clean. They admitted to fraudulently concocting a board meeting that never happened during which the stock options were supposedly signed off on.

This is a cut-throat company that has dealt in treachery as a business model from the beginning. I don't lose sleep over them being the victim of the same deceit they practice.
Score: 37 Votes (Like | Disagree)
antiprotest Avatar
antiprotest
13 months ago
He should get $10,000 reduced from his sentence as a bounty for finding the security issue.
Score: 21 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
13 months ago
If found guilty, I hope he has to serve the max sentence allowed. What a scum bag.
Score: 11 Votes (Like | Disagree)
japanime Avatar
japanime
13 months ago

Whoever could company “a” be? Hint hint.
I'm more interested in finding out who "Company B" is. Would be nice to know to whom (and where) Apple is outsourcing its support.
Score: 8 Votes (Like | Disagree)
MacTwick Avatar
MacTwick
13 months ago
When I worked at Apple during covid I had Toolbox and SAP access. In the course of 6 months I ended up giving away probably $20,000 worth of free stuff by making the price $0.00 (It was my job to give stuff away for customer service/ customer relation cases). The amount of stuff given away was watched very closely, so I'm super surprised it hit the millions in this case without getting caught.
Score: 8 Votes (Like | Disagree)
xizdun Avatar
xizdun
13 months ago

perpetrators used gift cards to "purchase Final Cut Pro on Company A's App Store ('https://www.macrumors.com/guide/app-store/')," and Apple is the only company that sells the software.
looool. That cracked me up. Prosecutors doing a search-and-replace for "Apple" and "Company A". ??
Score: 6 Votes (Like | Disagree)
Read All Comments