Hacked tractor highlights digital concerns
At a hackers conference in Las Vegas in the U.S. last week, a participant, who goes by the handle of ‘Sick Codes’, demonstrated his ability to get the 1993 video game, Doom, to play on a John Deere 4240 control console.
Software golden oldies
John Deere has been at the forefront of bringing digital technology to farm equipment, and while this hack was restricted to one machine and did not present any threat to the company’s systems overall, it is an embarrassing reminder that electronics remain vulnerable to outside interference.
There are several lessons to be learnt from this demonstration, the first of which is that the company relies on what might be considered outdated software to run the onboard systems.
Chief among these is Windows CE, an operating system that Microsoft licensed out to original equipment manufacturers (OEMs) so that they might develop it to suit their own requirements. Official support for the software will be withdrawn in 2023.
In a published telephone interview, ‘Sick Codes’ noted that he set out to investigate the digital vulnerability of the whole food supply chain infrastructure, because nobody else was doing so, and he was not reassured by what he found.
Other than the soon to be unsupported Windows operating system, he apparently found that much of the food system software is built on outdated, unpatched Linux coding.
Presently we only have one hacker bringing this to our attention, but demonstrating the ability to run an early version of Doom on a console that we are told is totally secure suggests that there is some meat in his assertions.
Boost for right to repair
The fact that he was able to get round the software locks installed by John Deere’s engineers has cheered the right to repair groups in the U.S.
‘Sick Codes’ had already tested Deere’s software and found flaws that the company has since patched, leading to the criticism from the ‘right to repair’ movement that he was helping the manufacturer close the loopholes.
This time, however, he has penetrated the core of the system and shown that the locks and patches can be evaded, making adjustment to the code possible. Physical access to the tractor was, though, required to do so.
Choice of Doom
Running a version of Doom that had been modified to include a farming theme was a clever move, for it comes from the early 1990s, as do Linux and Microsoft CE, enabling the less technically-minded to visualise the age of the software upon which we rely.
It was also brought to the attention of conference goers that John Deere has incorporated open licence software into its overall systems and by doing so, it is contractually bound to make it public.
Whether it has done so or not is a question that is being asked by a growing number within the computing world and the company may yet find itself being sued for not complying with the licence agreements.
Head above the parapet
John Deere has been the most vociferous in both promoting digitalisation and defending the practice of restricting the repair of tractors to its dealers; it has therefore become a natural target within both the world of computing and DIY mechanics.
Yet it is unlikely to be the only company that has this sort of software at the core of its systems and other manufacturers must be watching developments with alarm.
We are told that Agriculture 4.0 is the great digital roadmap that will have farming embedded in a super efficient matrix of data transfer and automation.
This latest hack, following on from the AGCO ransomware attack of May, suggests that we should be very careful about putting all our eggs in just the one leaky basket.