The hacker “Sick Codes” managed to jailbreak the display/control unit of one of the John Deere Tractor models during DefCon hacking conference.
On August 14th, 2022 at the DEFCON hacking conference, a white hat hacker and infosec researcher going by the online handle of “Sick Codes” demonstrated how the display/control unit of John Deere Tractor can be compromised to take control of a targeted tractor model.
In the researcher’s case, they shared a live video of the popular Doom game being played on the Tractor’s display screen.
“I launched the attack and two minutes later a terminal pops up,” Sick Codes said. “I had root access, which is rare in Deere land.”
It is worth noting that the process requires physical access to the tractor’s circuit board to execute the attack. However, according to the researcher, based on the existing vulnerabilities, it would be possible to develop a tool “to easily execute the jailbreak.”
Since the release of the video, the cyber security community is expressing grave concerns about the possibility of exploitation and possible cyber attacks against farm equipment manufacturer John Deere giant and its customers.
On Twitter, the co-founder, and CEO of the online repair community iFixit and “Right to repair” advocate Kyle Wiens said that “This is just the beginning. Turns out our entire food system is built on outdated, unpatched Linux and Windows CE hardware with LTE modems.”
Wiens went on to raise his voice in favor of the ongoing right-to-repair movement stating that “John Deere has repeatedly told regulators that farmers can’t be trusted to repair their own equipment. This foundational work will pave the path for farmers to retake control of the equipment that they own.”
As for Sick Codes’ stance on the right to repair; the hacker told Wired that,
We want farmers to be able to repair their stuff for when things go wrong, and now that means being able to repair or make decisions about the software in their tractors.”
What is right to repair movement?
For your information, the right to repair is a movement that is gaining traction in the United States. The aim of the right to repair movement is to give consumers the ability to repair their own electronic devices, rather than being forced to go through the manufacturer.
As farmers and ranchers across the United States face mounting pressure to adopt new technology, they are also grappling with another issue: whether they will have the right to repair their own equipment.
At the heart of the debate is John Deere, one of the largest manufacturers of agricultural equipment in the world. The company has been outspoken in its opposition to the “right to repair” legislation, which would give farmers and other owners of Deere equipment the ability to fix it themselves or take it to an independent repair shop.
Deere argues that such legislation would jeopardize its intellectual property and put customers at risk. The company has also said that it already offers a wide range of services and support for farmers who need to repair their equipment.
According to Sick Codes, it will be important to see what Deere may do to patch the vulnerabilities. The researcher added that it might be possible that the issue can be resolved with full disk encryption which sounds like an impossible task with tractors that are already in use. Nevertheless, if taken seriously, Deere can sort things out in its upcoming tractor models.
Sick Codes with his “Sick” Hacks!
This is not the first time when Sick Codes has come up with a hack that has made headlines worldwide. In 2021, the hacker demonstrated how malicious elements can exploit a plethora of vulnerabilities in tractors to overspray farms in the United States.
- Nintendo Switch Hacked to Run Pirated Games
- Self-driving cars can be fooled by displaying virtual objects
- Wikileaks Vault 7: CIA hacked Smart TVs, Trucks, and Computers
- Tesla cars and smart devices can be unlocked due to Bluetooth Flaws
- Hackers Exploit Tegra Chipset Flaw to Run Linux OS on Nintendo Switch