Jailbreak bug in John Deere tractors drives right-to-repair wave

A hacker managed to jailbreak John Deere’s software and hijack its vehicles by bypassing digital security locks.

John Deere is an agricultural vehicle manufacturer that produces tractors, among other equipment. A new jailbreak allows hackers to bypass the digital security locks enforced by tractor manufacturers. Farmers across the world have turned their attention to tractor hacking.

Root access to farm equipment

On Saturday, a hacker known as Sick Codes presented a jailbreak for John Deere tractors at the DefCon Security Conference in Las Vegas. The jailbreak allows him to control multiple models at once.

The new jailbreak highlights the security implications of right-to-repair activity. The vulnerabilities identified by Sick Codes are not a remote attack, but they are a major liability nonetheless. They allow hackers to breach farming devices.

Securing the agriculture industry, especially food supply chain processes, is tricky. Following the ransomware attack on meat supplier JBS, security measures have become crucial. The exploit found by Sick Codes is helping farmers better secure their equipment. John Deere, however, hasn’t been very responsive to the ongoing research.

Sick Codes is an Australian hacker currently residing in Asia. He conducted thorough research and made his study public to various tractor manufacturing companies, including John Deere. Thanks to these findings, companies are able to identify and fix vulnerabilities.  

As of 2022, Sick Codes plans to pay attention to world food security along with the exposure of farming equipment. He feels that farmers should be able to control and adjust their own equipment.

The exploit

Sick Codes focused on several John Deere models, including the 2630 and 4240. He also experimented on various touch screen consoles and circuit boards to work out a technique for bypassing John Deere’s dealer authentication requirement.

He has successfully rebooted a game to examine the restoration of a device as if it were being accessed by an authorized user. He plans on offering more than 1.5 GB of logs to aid the authorized service in diagnosing equipment problems.

Lastly, he has patched controllers directly into the touch screen circuit boards, which allows him to bypass the system’s security easily.

John Deere breaks the silence

After many years of controversy in the US, the White House has finally issued an executive order instructing the Federal Trade Commission to improve enforcement efforts related to various practices, such as considering the warranties for exterior repairs.

With the increasing pressure, John Deere finally broke its silence in March, announcing that it planned to make software repairs available to owners of its farming equipment.

In addition, the company disclosed that it plans to release an ‘improved customer solution’ in the coming year so customers and mechanics can leverage software updates for Deere farming equipment. This would eliminate the need to bring Deere equipment to the company or authorized dealerships for updates.
