Supply Chain Level 0: Grinding Tractors to a Halt – Sick Codes – ESW #281
Sick Codes hacked all four John Deere Telematics Gateway's, and the John Deere Gen4 Series Display. Without those, it's "just a tractor." However, this is Critical Infrastructure. In fact, without Tractors, Combines & Implements: farmers cannot plant, spray or harvest. No raw materials == no food & alcohol. You will see how long I persisted over multiple months, to gain access and was able to hack these devices to the absolute binary core, warts & all. What was the bounty? Source Code, Root File Systems, FPGA compiled binaries, the works. Agricultural Security is a serious issue. Multiple ransomware attacks last year showed exactly how destructive attacks on Food & Agriculture are, and how fragile the supply chain is.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
“Sick Codes” is an Australian hacker, who resides somewhere in Asia: I love 0days, emulation, open source, reverse engineering, standing up for other researchers & fast motorbikes. I have worked on many interesting projects over the last few years including hacking & emulating TV’s, cars, tractors, watches, ice cream machines, and more. My heart lies with Free Software but I like to go where no researcher has gone before. My works include Docker-OSX, which regularly trends on GitHub with 25k+ stars, 300k+ downloads. I’ve spoken 2x at DEF CON 29, DEF CON 30, published 30+ CVEs, and do consulting and contracting.
Sick Codes will be speaking DEF CON Main Stage at DEF CON 30 August 11-14th, and recently spoke at Hardwear.io about one of the most ignored, yet highly relied on, pieces of critical infrastructure; the food supply chain.