John Deere, the brand name of Deere & Company, an American manufacturer of agricultural machinery, lawn care equipment, and more, has lately received a lot of attention in several news reports regarding its app and the draconian locks it has put on its equipment. For example, Vice’s Motherboard has reported on two interesting flaws related to automotive cybersecurity regarding John Deere.
“Bugs Allowed Hackers to Dox John Deere Tractor Owners” describes how a security researcher found vulnerabilities in John Deere’s apps and website that could potentially have allowed hackers to access the personal data of all owners of the company’s farming vehicles and equipment. However, the security researcher informed John Deere about the bugs, and on April 12 and 13 the bugs were quickly fixed by the company. So far there is no evidence that hackers have exploited the reported flaws.
Further, “Why American Farmers Are Hacking Their Tractors With Ukrainian Firmware” offers interesting reading on the “Right to Repair” concept. Here, farmers must hack their own farm equipment because John Deere, and supposedly other manufacturers too, will not license out the software necessary for diagnosing and fixing it. Some farmers see this as an attack on their sovereignty, as they need to be able to repair their own farm equipment on their own terms, just as they have always done, if their tractor breaks at an inopportune time. Most equipment owners think that this must be doable outside service intervals. To circumvent these draconian locks, firmware developed in Eastern Europe is traded to equipment owners on an “invite-only” basis and paid for on online forums. According to the news article, tractor hacking is a growing practice for “unauthorized” repair of farm equipment.
Written by Joakim Rosell