35 year old Chinese man arrested in Bangkok, driving around populated areas with a SMS blaster with a 3km radio sending 1,000,000 phishing SMS per hour. "Phone users within range received a message stating: “Your 9,268 points are about to expire! Hurry up and redeem your gift
For anyone who wants the technicals:
- This took months
- CPU is NXP imx6
- OS is Wind River Linux 8
- Model John Deere 4240
- The weird graphical artifacts are just Yocto/QT quirks n 3D transparency stuff
- John Deere’s X window display server is g6wm
- Everything runs as root
Finally added the rest of the gang to Docker-OSX
macOS VM's on Linux & Windows (WSL2 btw)!
Full house of VM's for security research:
- Monterey
- Big Sur
- Catalina
- Mojave
- High Sierra
github.com/sickcodes/Dock…
Discord discord.gg/sickchat
Telegram t.me/sickcodeschat
“At the @DefCon security conference in Las Vegas on Saturday, the hacker known as Sick Codes [presented] a new jailbreak for John Deere & Co tractors”
Epic stuff, thank you @lilyhnewman 🥰 & @WIRED#defcon#DEFCON30@JohnDeere
With epic just-in-time help by NZ based doom modder @Skelegant. She helped get this run using DeHacked Doom, since gzdoom was a mission. Together, we teamed up to make this happen. She is amazingly talented.
Ok, so don't be alarmed but this is an iPhone connected remotely to a Docker container of macOS VM running on Linux using @pimskeks's usbfluxd...
Yes, I'm adding it to Docker-OSX... not sure how to feel, but this is too powerful...
Can literally install apps OTA worldwide...
[RELEASE] Leaky John Deere API’s: Serious PII & Food Supply Chain Vulnerabilities Discovered In John Deere Website
Vendor's VDP:
1. I was the only researcher in the program
2. The program was created that day
3. No bounties
4. Non-disclosure
No thanks!
[RELEASE] How we hacked John Deere, Case Industrial and simulated an attack on the GLOBAL food supply chain.
#cantstopthesignal
If you missed it, not to worry, it will be on YouTube (forever!).
Thank you 💚 @defcon#defcon29
Apple was supposed to be in our @DEFCON talk.
We sent them the vulnerability 4 months ago. They contacted us before the talk assuring us that we wouldn’t mention them, and we said, “sure because it’s not fixed yet.”
The vulnerability was discovered using a virtualized MacOS
This tool is hilarious 😂 you can dupe any printed circuit board you want!
(not stealing this board, just testing)
Generates gerber files from images which you can literally upload straight to PCB printer for a few bucks
Amazing reverse engineering tool
imagetogerber.wordpress.com