Critical infrastructure, Device Security

Supply Chain Level 0: Grinding Tractors to a Halt – Sick Codes – ESW #281

Sick Codes hacked all four John Deere Telematics Gateway's, and the John Deere Gen4 Series Display. Without those, it's "just a tractor." However, this is Critical Infrastructure. In fact, without Tractors, Combines & Implements: farmers cannot plant, spray or harvest. No raw materials == no food & alcohol. You will see how long I persisted over multiple months, to gain access and was able to hack these devices to the absolute binary core, warts & all. What was the bounty? Source Code, Root File Systems, FPGA compiled binaries, the works. Agricultural Security is a serious issue. Multiple ransomware attacks last year showed exactly how destructive attacks on Food & Agriculture are, and how fragile the supply chain is.

Segment Resources:

https://sick.codes

https://github.com/sickcodes

https://www.youtube.com/watch?v=zpouLO-GXLo

https://hardwear.io/usa-2022/speakers/sick-codes.php

Full episode and show notes

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guest

Sick Codes
Sick Codes
Security Researcher & Consultant at Sick Codes, Automated Security Research

“Sick Codes” is an Australian hacker, who resides somewhere in Asia: I love 0days, emulation, open source, reverse engineering, standing up for other researchers & fast motorbikes. I have worked on many interesting projects over the last few years including hacking & emulating TV’s, cars, tractors, watches, ice cream machines, and more. My heart lies with Free Software but I like to go where no researcher has gone before. My works include Docker-OSX, which regularly trends on GitHub with 25k+ stars, 300k+ downloads. I’ve spoken 2x at DEF CON 29, DEF CON 30, published 30+ CVEs, and do consulting and contracting.

Sick Codes will be speaking DEF CON Main Stage at DEF CON 30 August 11-14th, and recently spoke at Hardwear.io about one of the most ignored, yet highly relied on, pieces of critical infrastructure; the food supply chain.

Hosts

Adrian Sanabria
Adrian Sanabria
Director of Product Management at Tenchi Security
Katie Teitler
Katie Teitler
Senior Security Strategist at Axonius
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security
prestitial ad