According to an Aug. 13 report from Wired, a hacker known as "Sick.Codes" presented a jailbreak he performed on John Deere 2630 and 4240 displays at DEF CON 2022, an annual hacking convention in Las Vegas held on Aug. 11-14.
The article states that Sick.Codes' jailbreak — when a user gains full access to the root operating system of a product — allowed him to take control of multiple models of John Deere tractors through their displays.
So what do dealers need to know?
1. The jailbreak involved modifications to the displays' circuit boards.
The Wired article clarifies that the hack was not done remotely but rather came from Sick.Codes' altering of 2630 and 4240 units' circuit boards in order to "bypass John Deere's dealer authentication requirements" and give himself full access to the displays.
"He found that when the system thought it was in such an environment, it would offer more than 1.5 GB worth of logs that were meant to help authorized service providers diagnose problems," the report states. "The logs also revealed the path to another potential timing attack that might grant deeper access. Sick Codes soldered controllers directly onto the circuit board and eventually got his attack to bypass the system's protections."
Sick.Codes did state, however, that it could be possible to develop a tool based on the vulnerabilities he discovered to allow the jailbreak to be performed more easily, whereas his hack came after months of trial and error.
Click here to see more...