In the face of mounting pressure, John Deere announced in March that it would provide more repair software to equipment owners. The company also said at the time that it would release an “enhanced customer solution” next year so that customers and mechanics can download and apply official software updates for Deere equipment themselves, rather than having John Deere unilaterally apply patches remotely or force farmers to bring Come product to an authorized dealer.
“Farmers prefer old equipment just because they want reliability. They don’t want problems during the most important time of the year when they have to dig things out of the ground, “Sick Codes said. “So that’s what we should all want as well. We want farmers to be able to fix their stuff when something goes wrong, and now that means being able to fix or decide on the software in the tractor.”
Development With his jailbreak, Sick Codes gained access to countless generations of John Deere tractor-controlled touchscreen consoles. But in the end he focused on several models, including the widely deployed 2630 and 4240 models, for the vulnerabilities he showed. It took months of experimenting on multiple touchscreen boards to find a way to bypass the John Deere dealership authentication requirement, but eventually Sick Codes was able to restore the device with a reboot check as if it was being used by a certified dealership Same as business access.
He found that when the system thought it was in such an environment, it provided more than 1.5 GB of logs designed to help authorized service providers diagnose problems. The logs also revealed another path to a potential timing attack that could grant deeper access. Sick Codes soldered the controller directly to the circuit board, ultimately allowing his attack to bypass the system’s protections.
“I launched the attack and two minutes later a terminal popped up,” Sick Codes said of the program used to access the computer’s command-line interface. “I have root access, which is rare in the Deere world.”
This method requires physical access to the board, but Sick Codes says it is possible to develop a vulnerability-based, Easier to perform jailbreak. For the most part, he said he was curious to see how John Deere would react. He’s not sure how comprehensively the company could patch the vulnerability without implementing full-disk encryption, an addition that would mean a major system overhaul in new tractor designs and likely won’t be deployed in existing equipment.
But once the Sick Codes exploit works, what’s the first priority? Of course, running a custom farm theme Doom on the tractor.
Update Thu, Aug 18, 2022 12:15PM ET: John Deere sent the following statement to WIRED: “John Deere’s first priority is to protect us of our customers, their machines and their data and will always be protecting our customers, their machines and their data. Sick Codes in his recent talk at DEF CON was through intrusive/persistent physical access, hardware Obtained from disassembly of the product and reverse engineering of proprietary software. There is no risk to customer or reseller equipment, networks or data at any time.
“Any researcher, if obtained without Restricted physical access and time, ultimately adversely affects the operation of the device, and no company, including John Deere, is immune to such access. However, we are deeply committed and tireless to protect our customers and the role they play in the global food supply chain. In addition to a dedicated team of more than 300 product and information security professionals, we work closely with industry-leading cybersecurity partners such as HackerOne and embrace the broader ethical hacking community to ensure our security capabilities continue to lead the industry. ”
