Why Farmers Are Being Forced to Buy Ukrainian Firmware
We’ve told you about how the auto industry has shut off devices that can be installed in cars and used to disable or locate a vehicle if the owner doesn’t make a payment. We’ve told you about dolls that are connected to the internet but were left with security vulnerabilities that could allow a hacker to actually speak to a child through the doll. But this story might be the wackiest example of how much we rely on connected devices today and the consequences.
Have you ever seen those bumper stickers that say, “No Farms. No Food”? The point is that even though only 2% of all Americans are farms, we rely on them to grow the very food we eat every day. Even though farming is one of the oldest professions in the world, the agriculture industry has been hit by the need to connect the tools of the trade to the internet to make them easier to use, and one of those changes is causing farmers to put the well-being of their tractors on the line. Yes, we said tractors.
A few years ago John Deere began adding connected features to their tractors like John Deere Harvest Mobile and JD Link. Of course, the networked features allow for everything from farmers increasing the amount of grain they capture to environmental sensing, but the features that are causing the most aggravation for farmers today are the maintenance features. Just like automakers, John Deere put computers on board their tractors that monitor the machine’s functions and warn the operator if the tractor needs maintenance or what needs to be replaced if the tractor breaks down. While that may sound helpful, what John Deere slipped under their customer’s noses was that only a John Deere technician would be able to access the tractor’s systems and make the necessary repairs. See the problem? If a farmer’s tractor breaks down they can’t take it to the nearest shop, they have to find a John Deere technician and wait for them to come to them. It’s not hard to see how one breakdown could put a farmer way behind schedule. Plus, with John Deere being in complete control of the maintenance of their machines the farmers can’t make modifications and if John Deere stops supporting their tractors they’ll be out of luck.
But farmers across the country are fighting back, and it’s not just in court or by buying another brand. They’re actually hacking their own tractors. Instead of being forced to pay for John Deere authorized repairs that cost more time and money, farmers are instead going online and buying cracked software from the black market. In most cases, the software is taken from the U.S. to an Eastern European country like Ukraine and then sold back online to the farmers. This raises a few problems. Obviously, if a farmer is forced to go to the black market to find software that they can afford to use their opening themselves up to cybercrime. Knowing what the Stuxnet worm was able to do years ago, it’s not hard to imagine that a cybercriminal could destroy a tractor. The farmers’ problems also point to the fact that we’ve connected and optimized our devices so much and so quickly that security and regulations for IoT devices don’t exist, which means you can’t trust a manufacturer to create something with cybersecurity in mind.
In the future, this could change. Right now farmers are campaigning for the right to repair in Nebraska, and if they win their court battle they could set a precedent for future IoT devices, but as long as there is money involved some companies will always try and take advantage of their customers. So please, stay informed on what’s going on in the cybersecurity world so you don’t find yourself buying software from Ukraine just to do your job.