How a version of Doom running on a John Deere tractor champions the right-to-repair movement
Right to repair has been a hot topic over the past several years. As products have become more complicated, so has the process of repairing them. Thankfully, some companies, Samsung, Google, and Apple, just to name a few, are leaning into the movement, offerings parts and repair manuals for some of their products. But there are still so many other brands unwilling to participate, making it as difficult as possible to repair their products. John Deere, the tractor company, falls in the latter category. Now it looks like things might be changing, as a security researcher has recently shared his efforts to crack open John Deere’s tractor software, giving operators new hope.
Def Con brings out the most creative bunch as it is the largest hacker convention in the world. The event hosts over 30,000 attendees, ranging from hobbyists to government agents from the FBI, DoD, and more. While there are plenty of exciting projects shown each year, Sick Codes, a security researcher, showed off his hard work, cracking open John Deere’s tractor software and gaining access to controls and also precious logs that were originally for the eyes of authorized technicians. This is important because it is the first step in allowing John Deere equipment operators a chance to troubleshoot and repair their own vehicles if something goes wrong.
Sick Codes achieved this by working with different tractor control touchscreen consoles, narrowing it down to a select few models, and finding a way to exploit these devices. Sick Codes was able to tinker with the 2630 and 4240 Universal Display units, eventually bypassing John Deere’s authentication system and gaining access to 1.5GB worth of logs that help with diagnosing issues. Eventually, he could go further into the system, unearthing a terminal pop-up and gaining root access. While Sick Codes’ method isn’t the most practical for a tractor owner, he states that with more work, he can develop a tool in the future. Naturally, it wouldn’t be a Def Con without some fun, where Sick Codes also showed off a farm-themed version of Doom on the hacked tractor interface.
According to Wired, Sick Codes was “primarily concerned about world food security and the exposure that comes from vulnerable farming equipment, he also sees important value in letting farmers fully control their own equipment.” This is important because the landscape regarding the right-to-repair movement is currently changing. U.S. President Joe Biden signed an executive order in 2021, with the Federal Trade Commission (FTC) quickly taking action. More recently, New York passed a bill, and as stated prior, some of the top smartphone manufacturers have taken steps to move in the right direction. John Deere has even recently announced that it would make some of its tools available to equipment owners and make software updates available to mechanics and farmers next year. While this is good, it’s still a small step. It will be interesting to see who comes out with a more thorough solution first, John Deere or Sick Codes.