A security researcher, previously praised for assisting Apple in identifying software issues, has exploited a significant security loophole to defraud the company of $2.5 million.
Noah Roskin-Frazee, an employee at ZeroClicks Lab, used a flaw in Apple’s “Toolbox” system to orchestrate a major scam. Together with his accomplice Keith, he infiltrated Toolbox, a platform used by Apple to manage pending orders. The pair first deceived another company that provides customer service for Apple, then leveraged that access to penetrate Apple’s system.
Apple’s indictment against the security researcher alleges an attempt to obtain over $3 million through more than twenty fraudulent requests. From the completed requests, the defendants secured approximately $2.5 million in electronic gift cards and over $100,000 in products and services.
Many of these gift cards and products were subsequently resold to third parties. Although the pair tried to conceal their identities with fake names and addresses, one of the fraudsters used the system to extend their own AppleCare contract and that of their family, which helped uncover the fraud.
The case is not only about the financial loss to Apple but also concerns the breach of trust granted to the security expert to help maintain the security of the company’s systems. Investigations are ongoing, and all parties involved in the case await the outcomes and actions to be taken against the fraudsters.