
A recent thread in tech news is BMW’s move to nickel-and-dime owners of its cars with microtransactions, a move so popular that BMW software hacks are now available. This is a shard of a wider debate about modern technology that, from cars to iPhones, in many cases tends to lock the user out of something they apparently own. This is most relevant when it comes to the right to repair old equipment without involving the original manufacturer (and of course overpaying for the privilege).
While the mainstream was horrified at the BMW stuff, anyone who’s ever been near a farm probably wasn’t all that surprised: farm equipment has been screwing them over like this for decades. The largest agricultural production company is John Deere, which makes a variety of machines that run on the company’s own software, which both monitors farmers extremely closely and forces them to involve John Deere if there is a problem. These tractors are designed in such a way that farmers cannot solve problems themselves.
This is a nasty monopoly practice on one level, but its implications are much broader. There’s the simple fact that much of the world’s food supply depends on John Deere equipment, and so large-scale software problems can be catastrophic. John Deere itself may not have plans to do such a thing, but recently it turned out it could ‘brick’ Ukrainian agricultural machinery stolen by the Russians. The scarier prospect is that much of the agricultural industry relies on John Deere to protect its systems from the bad guys.
Most farmers, by now, would probably much prefer a world where they can maintain their own machines and not have to pay technicians to tap a few commands on a tablet. Tough cheese, cheese makers!
The company’s various rationales for its large closed system contain some ridiculous arguments, including that farmers don’t own these tractors, but license them, and that excluding farmers is for their own good.
Needless to say, the John Deere system has attracted some attention, and Australian hacker Sick Codes recently gave a presentation at the Defcon security event, held at Caesar’s Forum in Las Vegas, where they jailbroke the control unit of a John Deere tractor to public acclaim. They then demonstrated their control over the system by playing a special farm-modded version of Doom on the hardware.
The Doom mod is beautiful, and came about thanks to the help of Doom modder Skelegant.
Playing doom on a John Deere tractor display (jailbroken/rooted) at @defcon pic.twitter.com/ih0QUTGNuS (August 14, 2022)
With epic just-in-time help from NZ-based doom modder @Skelegant. She helped get this run using DeHacked Doom since gzdoom was a mission. Together we have joined forces to make this happen. She is incredibly talented. pic.twitter.com/OfVDMvRhzR (August 14, 2022)
Fields aside, the implications of this hack could be serious within the agricultural industry. One participant in the talk was prominent tech thinker Cory Doctorow, who went on to write:
“While it is true that John Deere’s monopoly on tractors means defects in the company’s products can affect farms around the world, it is also true that John Deere is very, very bad at information security.”
In essence, John Deere has the entire agricultural industry in its grip, justifying it with dubious claims about why the status quo it has built is essential, and has power over farmers to which it is not entitled. As the Ukrainian incident showed, and as Doctorow indicated at the time, “this meant that anyone who could hack into John Deere’s system could brick any tractor, including, say, the Russian military’s hacking crews.”
Another speaker at the talk was Kyle Wiens, an advocate for the right to repair, who pointed out that the John Deere control unit is built on outdated and unpatched systems:
Sick Codes jailbroke a John Deere, and this is just the beginning. Turns out our entire food system is built on outdated, unpatched Linux and Windows CE hardware with LTE modems. pic.twitter.com/OLDBckluxr (August 14, 2022)
“John Deere has repeatedly told regulators that farmers cannot be trusted to repair their own equipment,” Wiens writes. “This fundamental work will pave the way for farmers to regain control of the equipment they own.”
The jailbreak developed by Sick Codes is not remote, but requires physical access to the equipment. Regardless of hacks, however, John Deere also faces severe pressure from government and regulatory agencies. The European Union announced earlier this year it was in the process of instituting a right to repair, while some US states have already passed their own right to repair laws. The pressure led the company to announce in March that it would broaden access to repair tools.
So, this hack runs Doom, and could potentially have huge implications for agribusiness, or at least for farmers fed up with John Deere’s practices. Sick Codes’ many findings included that the operating system sent massive amounts of data back to John Deere (once he had administrator access, the unit attempted to send 1.5GB of data); several security backdoors, including one enabled by placing an empty text file on the disc; and John Deere’s apparent reliance on open source software that may not be used properly under the license terms.
Sick Codes says he is working on a simpler method of performing the hack, because his demonstration was quite complex, so that more farmers can actually use it. I have messaged him with some follow-ups and will update with any responses.