Remote bricking of Ukrainian tractors raises agriculture security concerns | #computerhacking | #hacking

Against the backdrop of horrific reports from Russia’s Ukraine invasion, an encouraging story emerged earlier this month when unidentified Ukrainians remotely disabled tractors worth $5 million that Russian soldiers in the occupied city of Melitopol stole from Agrotek-Invest, an authorized John Deere dealer. The soldiers stole 27 pieces of farm machinery and shipped them primarily to Chechnya, 700 miles away, only to discover they had been rendered inoperable due to a “kill switch.”

The dealership tracked the machinery using the tractors’ embedded GPS technology. Although the equipment was reportedly languishing at a farm near Grozny on May 1, one source said the Russians had found consultants who would try to bypass the digital protection that bricked the machines.

Some observers fear that malicious actors could exploit the same technology Deere and other manufacturers use to update and monitor farm equipment. If successfully accomplished on a large-enough scale, a cyberattack could disrupt significant portions of what has become critical agricultural infrastructure.

Modern tractors are intelligent machines

Farm equipment, including machines made by industry titan John Deere, evolved starting in the 1980s from old-fashioned analog tractors, combines, and so forth into digitally connected intelligent devices that produce treasure troves of agricultural data. For example, modern tractors became equipped with “torque sensors on the wheels that measured soil density, humidity sensors on the undercarriages that measured soil moisture, and location sensors on the roof that plotted density and moisture on a centimeter-accurate grid.”

What enabled the kill switching by the Ukrainian dealership is something that initially began in the auto industry called vehicle identification number locking or VIN-locking. VIN-locking enables only authorized technicians to enter special codes to work on a machine’s internal network. Deere’s use of VIN-locking became infamous when the tractor maker decided to deny farmers access to the computer software running their machines so they could make repairs. The company argued that farmers had no right to access their proprietary code.

Tractors fueled the right to repair movement

This refusal gave the “right to repair” movement in the U.S. steam to demand changes to the Digital Millennium Copyright Act (DMCA). The idea is to require John Deere and other equipment makers to provide access to “the same agricultural equipment’s diagnostic and repair information made available to the manufacturer’s dealers.” Deere has vigorously opposed this notion.

Copyright © 2022 IDG Communications, Inc.

Original Source link

Leave a Reply

Your email address will not be published.

+ 75 = eighty four