Security Researcher Allegedly Exploited Internal Apple Tool to Steal Millions

[svish]

Glad to hear that the culprit has been caught.

 

[genovelle]

It's too bad Apple didn't say "Thanks for showing us the bugs in our system that allowed embezzling millions of dollars in products", it would have been an update note for the ages.

This is one of the reasons Apple was always resistant to bug bounty programs. It can attract the attention of crooks and sometimes gives them to much access and information.

 

[Apple_Robert]

Steve Jobs and Steve Wozniak sold blue boxes that hacked the telephone companies to allow people to make free, illegal long distance calls.

And then of course Steve Jobs was involved in the unreported backdating stock options scandal in which he tried to make off with $20 million that would have gone unreported to the IRS if Apple hadn't finally come clean. They admitted to fraudulently concocting a board meeting that never happened during which the stock options were supposedly signed off on.

This is a cut-throat company that has dealt in treachery as a business model from the beginning. I don't lose sleep over them being the victim of the same deceit they practice.

All of that has nothing to do with the subject at hand.

 

[CasinoOwl]

This guy gets millions in fraudulent gift cards, and my account got locked because my family gave me $700 in gift cards for my birthday and Christmas. Apple also blocked accounts for 5 family members for purchasing those cards. Go figure.

 

[DVD9]

and Prof. J. (ZeroClicks.ai Lab)

So Zero Click is an Apple feature given to the Israeli government to access any iPhone on the planet?

 

[ifxf]

You do know that Apple does not see your password ? Most secure systems make seeing the password impossible. Passwords can be changed or reset (as was done in this case) but no one can see the password.

You do know if a hacker can download your encrypted password they can employ high powered computers to crack it.

 

[frifra]

seems pretty complicated, i wonder how they caught him.

His Apple-ID gave it away. 😃

When I worked at Apple during covid I had Toolbox and SAP access. In the course of 6 months I ended up giving away probably $20,000 worth of free stuff by making the price $0.00 (It was my job to give stuff away for customer service/ customer relation cases). The amount of stuff given away was watched very closely, so I'm super surprised it hit the millions in this case without getting caught.

I think he was his own supervisor

 

[Keymaster]

Geeze, read the article. The guy didn’t use bugs he found, he used an existing corporate tool for resetting passwords. Good Lord, some people just can’t get anything right.

Uh, I think you missed the sarcasm in my post...

 

[ProfessionalFan]

some people just can’t get anything right.

Pot calling the kettle black here since you totally missed the point of the post you quoted

 

[avz]

They were probably just building an iron-clad case against him, let’s be real.

The question is why? To send a message that people who will find security bugs will be severely punished? Leave the bugs as intelligence services might need to use them?

I think he was his own supervisor

It is like asking a fat kid to guard the cake.

 

[CarAnalogy]

While Apple is not explicitly named in the court records, an unnamed "Company A" is located in Cupertino, California, and is clearly Apple. The court mentions that one of the perpetrators used gift cards to "purchase Final Cut Pro on Company A's App Store," and Apple is the only company that sells the software.

“A certain student, Lisa S….No, that’s too obvious…Let’s call her L Simpson”

 

[MikB]

You do know if a hacker can download your encrypted password they can employ high powered computers to crack it.

a little old, but still you see a trend in Password cracking speed to the column to the farthest right. What happens with crack time if using sentence passwords with all those types of chars in them? Everything counts, which is why I go over the top with password length and change it now and then.