Hacker Gain Root Access to John Deere Tractors

Share post:

At the DefCon security conference in Las Vegas on Saturday, a hacker named Sick Codes jailbreak John Deere & Co tractors. This enabled him take control of multiple models through their touchscreens.

Sick Codes findings therefore highlights the security implications of right-to-repair. The right to repair is a proposed government legislation that would allow consumers to repair and modify their own consumer product. The legislation therefore eliminates the requirement that consumers only need to use the services they provide by restricting access to tools and components.

To develop his jailbreak, Sick Codes used numerous generations of John Deere tractor control touchscreen consoles. Models used for this exploit are “2630” and “4240.”

Sick Codes has been experimenting for many months with a number of touchscreen circuit boards to find bypasses for John Deere dealers’ authentication requirements.

The hacker was able to perform a reboot check to restore the device as if it were being retrieved from a certified vendor. He explained that once in such an environment, the system would provide protocols worth more than 1.5 GB to help authorized service providers diagnose problems.

The logs also revealed the path to another potential timing attack that could grant deeper access. Soldering controls directly to the PCB eventually allowed the hacker to bypass the system’s protective mechanisms.

While the approach requires physical access to the PCB, Sick Codes explains that a tool based on the vulnerabilities could be more easily used to execute the jailbreak.

The sources for this piece include an article in Archive.today.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Cyber Security Today, April 24, 2024 – Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more

This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and passw

Apple reduces forecasts for Vision Pro as demand cools in key US market

In an unexpected shift, Apple has drastically reduced its shipment forecasts for the upcoming Vision Pro, indicating a...

Google Play introduces new biometric verification with a user warning

Google has recently announced updates to the biometric verification process for Google Play purchases, aiming to bolster security...

AI surpasses human benchmarks in most areas: Stanford report

Stanford University’s Institute for Human-Centered Artificial Intelligence (HAI) has published the seventh annual issue of its AI Index...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways