One of the most fascinating discoveries aliens would discover would probably be the many different objects running a strange piece of software that involves everything from murdering hordes of demons to heavy metal riffs. There are already boatloads of gadgets that were never intended to run Doom but nonetheless exist. Thanks to "Sick Codes," an Australian security expert, there's another way to rip and tear for the would-be DoomGuys.
At DEF CON 2022 last week, he demonstrated how to take complete control of John Deere farming equipment. He even went a step further by doing what every demon slayer in their right mind would do and running the one classic game that launched the whole first-person shooter game into overdrive.
Sick Codes says he spent several months working on various John Deere tractor models before eventually taking control of a John Deere 4240 touchscreen console equipped with an Arm-based NXP I.MX 6 system-on-chip. This model runs Wind River Linux 8, although some of the other models he worked on were running Windows CE.
The hacker did not improvise an exploit, but rather discovered a way to simply jailbreak the device. The touchscreen displays on John Deere tractors have fundamental security flaws, leaving them wide open to ransomware attacks. In other words, one can bypass the digital locks on these tractors, and from there, the possibilities are endless.
To be clear, this isn't a simple task. It requires extensive knowledge of embedded electronics and operating systems. Sick Codes discovered that it was possible to manipulate the system to start up in a different mode, which should only be accessible to authorized dealers. This internal system allowed access to more than 1.5 gigabytes of logs used by service providers to diagnose problems with the tractor.
Sick Codes gained an understanding of how to bypass system protections with some changes to the controller board. It might also be feasible to develop a tool that would make the jailbreak much simpler for the layman to run software with root access. Of course, Sick Codes demonstrated this by installing a custom installation of one of our favorite retro FPS courtesy of a New Zealand-based modder who goes by "Skelemom" on Twitter.
John Deere tractors are well-known for having lock-down software that prevents third-party or DIY repairs. Earlier this year, Russian troops stole $5 million worth of combines only to discover that they had been remotely disabled by the manufacturer. Nonetheless, this jailbreak could provide farmers an alternative to paying for repairs themselves.
Kyle Wiens, right-to-repair advocate and CEO of popular repair website iFixit, claims: "Sick Codes has jailbroken a John Deere," and this is just the beginning.
John Deere claims that it can't trust farmers to manipulate all of this new-fangled equipment. Nevertheless, growing public pressure has already forced the company to promise an "enhanced self-repair solution," so farmers can apply software patches without going to the dealer. The company has set a tentative release date for 2023.
Karl Wiggers is given the credit for Masthead.