The Agricultural Data Arms Race: Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain.

Presented at DEF CON 29 (2021), Aug. 8, 2021, 2:30 p.m. (20 minutes).

How I hacked the entire American Food Supply Chain over the course of 3 months, assembled a team of hacker strangers, and how we used a "full house" of exploits on almost every aspect of the agriculture industry. See the process in which it happened, the private exploits we used, the vectors we attacked from, and how it could happen again, or be happening right now. How the ongoing analytics arms race affects everyone, and how Tractor companies have metastasized into Tech companies, with little to no cyber defenses in place. Learn how farms are not like they used to be; telemetry, crop & yield analytics, and more telemetry. REFERENCES: https://github.com/sickcodes/Docker-OSX https://github.com/sickcodes/osx-serial-generator https://www.vice.com/en/article/akdmb8/open-source-app-lets-anyone-create-a-virtual-army-of-hackintoshes https://www.bleepingcomputer.com/news/security/python-also-impacted-by-critical-ip-address-validation-vulnerability/ https://sick.codes/sick-2021-012/ https://sick.codes/sick-2021-031/ https://sick.codes/leaky-john-deere-apis-serious-food-supply-chain-vulnerabilities-discovered-by-sick-codes-kevin-kenney-willie-cade/ https://www.vice.com/en/article/4avy8j/bugs-allowed-hackers-to-dox-all-john-deere-owners https://www.youtube.com/watch?v=rB_SleNKBus wabaf3t https://twitter.com/wabafet1 D0rkerDevil https://twitter.com/D0rkerDevil ChiefCoolArrow https://twitter.com/ChiefCoolArrow johnjhacking https://twitter.com/johnjhacking rej_ex https://twitter.com/rej_ex w0rmer https://twitter.com/0x686967 https://climate.com/press-releases/transform-data-into-value-with-climate-fieldview/14 https://www.agriculture.com/news/business/john-deere-to-acquire-precision-plting_5-ar50937 https://www.reuters.com/article/us-monsanto-m-a-deere-idUSKBN17X2FZ https://twitter.com/sickcodes/status/1385218039734423565?s=20

Presenters:

• Sick Codes
  Sick Codes: I am a Hacker, an Independent Security Researcher, an Australian, and an Open Source maintainer. I regularly publish nasty vulnerabilities in everyone's favorite products, from all the best vendors. I've published CVEs in Smart TV's, Browsers, missile design software, and entire programming languages. Freelance automation specialist by day and hacker by trade. I publish weaponized code on GitHub, namely Docker-OSX, which was my first big "thing," which now has 15k stars, and my biggest project, Docker-OSX has over 100,000 downloads on DockerHub. @sickcodes https://github.com/sickcodes https://www.linkedin.com/in/sickcodes/ https://sick.codes

Links:

• https://defcon.org/html/defcon-29/dc-29-speakers.html#sick
• https://infocon.org/cons/DEF CON/DEF CON 29/DEF CON 29 video and slides/DEF CON 29 - Sick Codes - The Agricultural Data Arms Race - Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain.mp4
• https://infocon.org/cons/DEF CON/DEF CON 29/DEF CON 29 presentations/Sick Codes - The Agricultural Data Arms Race - Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain.pdf (slides)
• https://infocon.org/cons/DEF CON/DEF CON 29/DEF CON 29 video and slides/DEF CON 29 - Sick Codes - The Agricultural Data Arms Race - Exploiting a Tractor Load of Vulnerabilities In The Global Food Supply Chain.srt (subtitles)
• https://www.youtube.com/watch?v=zpouLO-GXLo

Similar Presentations:

• DEF CON 29 (2021) / Rotten code, aging standards, & pwning IPv4 parsing across nearly every mainstream programming language
• DEF CON 29 (2021) / Offensive Golang Bonanza: Writing Golang Malware
• DEF CON 31 (2023) / Legend of Zelda: Use After Free (TASBot glitches the future into OoT)