As John Deere Digitizes, Some Experts Worry About Cyber Risks

Original source: Emerging Tech Brew


Photo: Grant Thomas. Article by Grace Donnelly / Emerging Tech Brew

If you can jailbreak a phone, you can jailbreak a tractor. And if you can jailbreak a John Deere tractor, you can play Doom on its touchscreen.

At DefCon in August, Australian hacker Sick Codes showed how to do just that on John Deere’s 2630 and 4240 model tractors.


While playing a video game on a tractor’s computer system may just seem like a stunt, the demonstration brought up important questions about John Deere’s cybersecurity practices—questions made all the more urgent by its ongoing push to pivot its business model toward software and digital subscriptions.


The company unveiled a self-driving tractor at CES earlier this year and is investing billions of dollars to make farming equipment internet-connected and partially automated—able to make decisions based on analysis of cloud-based datasets managed by the John Deere Operations Center. By 2030, CEO John May expects that 10% of the company’s annual revenue will come from software subscription fees.


“It’s a pretty insecure piece of technology. That might be okay if the tractor wasn’t connected to the internet,” Kyle Wiens, co-founder and CEO of iFixit and a right-to-repair advocate, told us. “The national security problem that we have here is that John Deere owns most of the market, and they have decided in their infinite wisdom to connect most of our nation’s agricultural machinery to the internet.”


The presentation last month wasn’t the first time Sick Codes had circumvented the ag giant’s security. Last year, he hacked into the company’s mainframe, prompting the Department of Homeland Security to get involved, he told Emerging Tech Brew.


In response to questions, John Deere spokesperson Jen Hartmann pointed us to previous statements on cybersecurity.


Growing pains


Transitioning from a tractor company to a “data-harvesting conglomerate, whatever it is,” is a steep learning curve, Sick Codes said, and in his view, John Deere has made some missteps.


“They’ve got a responsibility to take care of the entire food chain,” he said. “They’ve got insane amounts of accountability and they’re also publicly traded. And they’re just not pulling their weight.”


Earlier this year, the FBI warned that farmers and other agricultural businesses could be enticing targets for ransomware attacks.


If a bad actor “wanted to take out America’s agriculture, all you would need to do is run these tractors into the red line and burn their engines out. You wouldn’t even need to drive them,” Wiens said.


Companies often have bug-bounty programs that reward external security researchers and hackers for finding security issues in their products. John Deere established one last year, but the success of the program remains unclear, according to Wiens. John Deere declined to specify how many bug bounties it has processed through its responsible disclosure program.




Automakers are also facing new cybersecurity concerns, but the standards that are becoming widely accepted in the EV industry, for example, are not yet well understood or regulated for other autonomous and connected machinery, David Chaddock, director of cybersecurity at consulting firm West Monroe, told us.


“When you talk about all the equipment, it’s almost on a spectrum of more toward the Wild, Wild West,” he said. “Autonomous vehicles, which may or may not be electric—that kind of stuff, there right now is no real federal regulation of ‘you must.’”


The industry also faces a potential challenge in hiring software developers or cybersecurity experts into legacy companies that may not be perceived as high-tech, Chaddock said.


“Right now, across the board, you’ve got a talent shortage. When it comes to cybersecurity, that’s even more amplified,” Chaddock told us.


Hartmann told us in an emailed statement that the company has opened two “tech hubs” in Austin, TX, and Chicago, and is working with “several universities” to help attract new tech talent.


Zoom out


Beyond security concerns, Deere’s digitization has put a new strain on a pre-existing issue: longstanding frustration that the company has limited farmers’ ability to fix their own equipment.


Hartmann said via email that in May the company made its diagnostic service tool available to customers and independent repair shops, and that in 2023 it plans to introduce an "enhanced customer solution that includes a mobile device interface and the ability to download secure software updates directly to embedded controllers on select John Deere equipment with 4G connections."


The diagnostic software starts at $1,200 and is a limited version of what Deere technicians themselves have.


“John Deere has diagnostic software on laptops that their technicians have that they will not provide to the farmers,” Wiens said. “So the computer in the tractor will see, ‘Hey, this sensor reading is out of calibration.’ And the tractor just won’t start up.”


Wiens compared the tractor to an iPhone before the App Store, because John Deere allows only its own software to run on its machines.


“If you could, imagine you could make your own version of that diagnostic software tool, run it on the tractor, and you’d be good to go. But the tractor’s locked down. So being able to install and run Doom—it’s a silly example, but it shows that we can run arbitrary code on this thing,” he said.



