peasants around the village the world has turned to hacking tractors to bypass the digital locks that manufacturers put on their vehicles. This allows farmers to modify and repair expensive equipment vital to their operations, just as they do with analog tractors. At the DefCon security conference in Las Vegas on Saturday, a hacker known as Sick Codes is unveiling a new jailbreak for John Deere & Co tractors that allows him to control multiple models via their touchscreens.
The finding highlights the implications for the security of the right to repair. The detected unsafe tractor operating codes are not a remote attack, but the vulnerabilities represent a fundamental vulnerability in the devices that can be exploited by attackers or potentially linked to other vulnerabilities. The security of the agricultural industry and the food supply chain is critical, as incidents such as the JBS Meat ransomware attack in 2021 have shown. At the same time, vulnerabilities like those discovered by Sick Codes help farmers do what they need to with their own equipment.
John Deere did not respond to WIRED’s request for comment on the study.
Sick Codes, an Aussie living in Asia, presented at DefCon 2021 about tractor programming interface and operating system bugs. After he published his research, tractor companies, including John Deere, began to correct some of the shortcomings. “The right-to-repair side was a little bit against what I was trying to do,” he tells WIRED. “I heard from some farmers; one guy emailed me and said “you’re screwing up all our stuff!” So I decided I was going to put my money where my mouth was and actually prove to farmers that they could eradicate the tools.”
This year, Sick Codes says that while it is primarily concerned with global food security and the impact of vulnerable farm equipment, it also sees the importance of giving farmers full control over their own equipment. “Free the tractors!” he says.
After years of controversy in the United States over the right to repair, the movement appears to have reached a tipping point. Last year, the White House issued an executive order ordering the Federal Trade Commission to step up efforts to enforce practices such as voiding warranties on exterior repairs. This, combined with New York State’s passage of its own right-to-repair law and pressure from creative activists, has combined to create unprecedented momentum for right-to-repair. Facing mounting pressure, John Deere announced in March that it would make more repair software available to equipment owners. At the time, the company also said it would release an “enhanced customer solution” next year so that customers and mechanics can download and apply official software updates for Deere equipment themselves, rather than John Deere unilaterally applying patches remotely or forcing farmers to do so. bring products to authorized dealers.
“Farmers prefer older equipment simply because they need reliability, they don’t want something to go wrong during the most important part of the year when they have to get things out of the ground,” says Sick Codes. “So that’s something we should all want as well. We want farmers to be able to repair their machinery if something goes wrong, and now that means being able to repair or make decisions about the software in their tractors.”
