"Sick Codes Jailbreaks Tractor at DefCon in Right-To-Repair Move"

A hacker by the name of "Sick Codes" demonstrated a new jailbreak for a John Deere tractor at DefCon, which enabled him to control a tractor model through its display. Following the presentation of the exploit at DefCon, it quickly gained attention from advocates of the right-to-repair movement, including farmers who want to modify their expensive farm equipment. Others are concerned that the hack demonstrates the vulnerability of the entire food production system. Kyle Wiens, CEO of iFixit and a right-to-repair supporter, stated that the entire food system is built on outdated, unpatched Linux and Windows CE hardware with LTE modems. Wiens considers the demonstrated hack foundational work that will pave the way for farmers to reclaim control of their equipment. Sick Codes was able to show a corn-themed version of " Doom" running on a John Deere tractor display. According to a tweet sent by Sick Codes after the event, the exploit was not a remote attack and was demonstrated on a Model 4240 John Deere. The hacker explained that his jailbreak took several months to bypass John Deere's dealer authentication requirement before he was able to game a reboot check to restore the device as if a certified dealer accessed it. He discovered that the system would provide logs to assist authorized dealers in diagnosing problems, as well as a path to another timing attack for deeper access. He was eventually able to bypass the system protections by soldering controllers directly onto the circuit board. According to Sick Codes, Deere might be able to patch the flaws with full disk encryption, a significant system overhaul. This article continues to discuss the demonstrated hacking of a John Deere tractor.

Fierce Electronics reports "Sick Codes Jailbreaks Tractor at DefCon in Right-To-Repair Move"