Security Researcher Allegedly Exploited Internal Apple Tool to Steal Millions

A security researcher who reported bugs to Apple was arrested in January for defrauding the company out of millions of dollars, according to a report from 404 Media.

bug security vulnerability issue fix larry
The researcher, Noah Roskin-Frazee, was accused alongside a co-conspirator obtaining over $3 million in products and services through more than two dozen fraudulent orders. That included around $2.5 million in gift cards and over $100,000 in "products and services."

While Apple is not explicitly named in the court records, an unnamed "Company A" is located in Cupertino, California, and is clearly Apple. The court mentions that one of the perpetrators used gift cards to "purchase Final Cut Pro on Company A's App Store," and Apple is the only company that sells the software.

In 2019, Frazee and his accomplice used a password reset tool to gain access to an employee account that belonged to an unnamed "Company B," which does customer support for Apple. That account led to access to additional employee credentials, and Frazee accessed Company B's VPN servers. From there, Frazee was able to get into Apple's systems, placing fraudulent orders for Apple products.

He used Apple's "Toolbox" program that could be used to edit orders after they were placed, and he changed order values to zero, added products to orders, and extended AppleCare contracts. He abused Apple's program from January to March 2019.

The defendants remoted into computers located in India and Costa Rica as part of the scheme, the indictment adds. The scam itself involved changing order monetary values to zero, adding products to existing orders without cost such as phones and laptops, and extending existing service contracts, the indictment adds. That included extending a customer service contract that was associated with one of the defendants and his family for an extra two years without paying.

Apple thanked Frazee for in a January support document for finding several bugs in macOS Sonoma, and the document was published less than two weeks after he was arrested. "We would like to acknowledge Noah Roskin-Frazee and Prof. J. (ZeroClicks.ai Lab) for their assistance," reads Apple's page in reference to a Wi-Fi vulnerability.

Frazee has been charged with wire fraud, mail fraud, conspiracy to commit wire fraud and mail fraud, conspiracy to commit computer fraud and abuse, and intentional damage to a protected computer. He will be required to forfeit all of the stolen goods, and he could be sentenced to more than 20 years in jail if convicted.

Popular Stories

best buy holiday

Best Buy Reveals Black Friday Plans With Sitewide Sales Available Now

Friday November 8, 2024 10:05 am PST by
Black Friday sales are continuing today with Best Buy kicking off early Black Friday deals that will last for the next few days. Similar to other retailers, Best Buy's early Black Friday event includes sitewide savings on Apple products, headphones, TVs, monitors, video games, and more. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may...
mac mini thermal architecture feature

New Mac Mini Has Modular Storage, 256GB Model Will Have Faster SSD

Friday November 8, 2024 7:06 am PST by
Apple has returned to using two 128GB storage chips in the new Mac mini with 256GB of storage, according to a partial teardown video shared on social media today. This means the base-model Mac mini with the M4 chip will not have significantly slower SSD speeds compared to higher-end configurations of the computer with 512GB, 1TB, or 2TB of storage, as multiple NAND chips allows for faster SSD...
General Final Cut Pro Feature

Apple Likely to Announce Final Cut Pro Update This Week With These New Features

Sunday November 10, 2024 12:13 pm PST by
In its announcement video for the new Mac mini last month, Apple teased an "upcoming" version of Final Cut Pro for the Mac. Apple will likely announce the update during the annual Final Cut Pro Creative Summit, which begins this Wednesday. The conference is held in association with Apple, and attendees will be visiting Apple Park on the first day. Apple already teased four new features...
Generic iOS 18

Everything New in iOS 18.2 Beta 2

Monday November 4, 2024 12:34 pm PST by
Apple today seeded the second betas of upcoming iOS 18.2 and iPadOS 18.2 updates to developers, and Apple is continuing to refine the Apple Intelligence capabilities. There are also a handful of smaller features that are worth knowing about. Find My Find My has a new option to Share Item Location with an "airline or trusted person" that can help you locate something that you've misplaced....
iphone passcode green

Cops Suspect iOS 18 iPhones Are Communicating to Force Reboots, Making Unlocking Harder

Thursday November 7, 2024 2:20 pm PST by
Law enforcement officials in Detroit, Michigan are warning other police officers about an alleged iPhone change that causes Apple devices stored for forensic examination to spontaneously restart, reports 404 Media. iPhones that are undergoing examination have apparently been rebooting, which makes them harder to unlock with brute force methods, and Michigan police think that it's due to a...
AirPods Pro Firmware Feature

Apple Releases Firmware Updates for AirPods Pro 2 and AirPods 4

Monday November 11, 2024 11:28 am PST by
Apple today released firmware updates for both AirPods 4 models (version number 7B20) and the AirPods Pro 2 with both Lightning and USB-C charging cases (version number 7B21). All of these AirPods models were previously on firmware version 7B19. It is not immediately clear what new features or changes are included in firmware versions 7B20 and 7B21, but we will update this story if we find...
iphone 6 thickness

iPhone 17 'Air' May Not Be Much Thinner Than iPhone 6

Monday November 11, 2024 5:18 am PST by
Next year's iPhone 17 "Air" model may not be as thin as Apple planned, according to a rumor originating in Korea. According to the news aggregator account "yeux1122" on Naver, citing industry sources, Apple has run into problems making the new iPhone 17 model sufficiently thin. The device's reduced thickness is apparently dependent on manufacturing a battery with a thinner substrate, but...
maxresdefault

Hands On With Apple's New M4 Mac Mini

Friday November 8, 2024 12:21 pm PST by
Apple launched the new Mac mini, iMac, and MacBook Pro models with M4 chips today, and because the Mac mini is the only one of the machines that got a design update, we thought we'd check it out to see how it compares to the prior version. Subscribe to the MacRumors YouTube channel for more videos. The 2024 version of the Mac mini is much smaller than the previous M2 model, so it takes up...

Top Rated Comments

swingerofbirch Avatar
10 months ago

If found guilty, I hope he has to serve the max sentence allowed. What a scum bag.
Steve Jobs and Steve Wozniak sold blue boxes that hacked the telephone companies to allow people to make free, illegal long distance calls.

And then of course Steve Jobs was involved in the unreported backdating stock options scandal in which he tried to make off with $20 million that would have gone unreported to the IRS if Apple hadn't finally come clean. They admitted to fraudulently concocting a board meeting that never happened during which the stock options were supposedly signed off on.

This is a cut-throat company that has dealt in treachery as a business model from the beginning. I don't lose sleep over them being the victim of the same deceit they practice.
Score: 37 Votes (Like | Disagree)
antiprotest Avatar
10 months ago
He should get $10,000 reduced from his sentence as a bounty for finding the security issue.
Score: 21 Votes (Like | Disagree)
Apple_Robert Avatar
10 months ago
If found guilty, I hope he has to serve the max sentence allowed. What a scum bag.
Score: 11 Votes (Like | Disagree)
japanime Avatar
10 months ago

Whoever could company “a” be? Hint hint.
I'm more interested in finding out who "Company B" is. Would be nice to know to whom (and where) Apple is outsourcing its support.
Score: 8 Votes (Like | Disagree)
MacTwick Avatar
10 months ago
When I worked at Apple during covid I had Toolbox and SAP access. In the course of 6 months I ended up giving away probably $20,000 worth of free stuff by making the price $0.00 (It was my job to give stuff away for customer service/ customer relation cases). The amount of stuff given away was watched very closely, so I'm super surprised it hit the millions in this case without getting caught.
Score: 8 Votes (Like | Disagree)
xizdun Avatar
10 months ago

perpetrators used gift cards to "purchase Final Cut Pro on Company A's App Store ('https://www.macrumors.com/guide/app-store/')," and Apple is the only company that sells the software.
looool. That cracked me up. Prosecutors doing a search-and-replace for "Apple" and "Company A". ??
Score: 6 Votes (Like | Disagree)