by bri3d 1705 days ago
More like "farm equipment manufacturers have insecure backoffice web services" with some tenuous and unsubstantiated highly contrived links to fanciful action movie sub-plots.

I agree that automotive and farm equipment have generally mediocre security track records and that, with the addition of remote connectivity, these issues are concerning. But all hyperbole and breathless reporting like this gains us is an excuse for repair hostility under the guise of "security."


I believe by gut feeling, that the "heavy farm equipment with tracking and repossession built-in" example directly inflames ancient tensions between farmers and remote management. The psychological trigger of the topic adds power and excitement to both sides of that, and security shenanigans multiply, with publicity.
Not just repair hostility: especially JD sought to wall in their garden a decade or so ago. They went all-in on CAN bus/SAE J1939 and used the proprietary word spec to keep out other manufacturers of ag automation. I worked at Trimble Navigation during that time, remember it well. Most manufacturers were still using direct hydraulic controls then. Not JD. Evidently things have just got worse since.
Isn't using J1939 just an example of them embracing an industry standard? That stuff is everywhere now, right?
It is how you embrace J1939 that makes the difference. In a J1939 dataframe two data words are defined: one open, the other proprietary. The proprietary word can be, and is with JD's implementation, encrypted. Therefore, anything actuated by the proprietary word is operable iff you have the key.
Thanks!
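For reference on the J1939 exchange above, an added example (not part of the thread and not any manufacturer's code): the J1939 standard reserves parameter group numbers for manufacturer-defined payloads, Proprietary A (0xEF00) and Proprietary B (0xFF00 to 0xFFFF), and this sketch decodes 29-bit identifiers and tallies how much of a capture falls in those ranges. The sample identifiers are constructed, and only the data page 0 proprietary ranges are covered.

```python
from collections import Counter

# Data page 0 proprietary ranges only; other pages are reported as "standard".
PROPRIETARY_A = 0xEF00                   # PDU1, destination-specific
PROPRIETARY_B = range(0xFF00, 0x10000)   # PDU2, broadcast

def decode_id(can_id):
    """Split a 29-bit J1939 identifier into its fields."""
    priority = (can_id >> 26) & 0x7
    page = (can_id >> 24) & 0x3          # extended data page + data page bits
    pf = (can_id >> 16) & 0xFF           # PDU format
    ps = (can_id >> 8) & 0xFF            # PDU specific
    source = can_id & 0xFF
    if pf < 240:                         # PDU1: PS is a destination address
        pgn, dest = (page << 16) | (pf << 8), ps
    else:                                # PDU2: PS extends the PGN
        pgn, dest = (page << 16) | (pf << 8) | ps, None
    return {"priority": priority, "pgn": pgn, "source": source, "dest": dest}

def classify(pgn):
    """Label a PGN as manufacturer-defined or publicly specified."""
    if pgn == PROPRIETARY_A:
        return "proprietary A"
    if pgn in PROPRIETARY_B:
        return "proprietary B"
    return "standard"

def summarize(can_ids):
    """Count identifiers per class, e.g. to size the opaque share of a log."""
    return Counter(classify(decode_id(i)["pgn"]) for i in can_ids)

# Constructed sample identifiers (not taken from any real machine)
SAMPLE_IDS = [0x18FEF100, 0x0CF00400, 0x18EF2100, 0x18FF1027]

if __name__ == "__main__":
    for can_id in SAMPLE_IDS:
        f = decode_id(can_id)
        print(f"{can_id:08X} pgn={f['pgn']:#06x} "
              f"src={f['source']:#04x} {classify(f['pgn'])}")
    print(dict(summarize(SAMPLE_IDS)))
```
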
You seem to be saying electronic controls are bad. Why?
They are not innately bad, but they are implemented in a bad way. A system of hydraulic control lines cannot be locked behind copyright. They can be physically fixed. A cracked manifold can be welded or replaced. But when fixing a modern electronic system you must have the permission of the manufacturer before replacing a part, or even opening some boxes. Any mechanic can see leaking hydraulic fluid. But modern electronic systems can require special/expensive tools just to read the error code telling you which part has failed.
Next up: John Deere invents a hydraulic rights management (HRM) system that implements a communication protocol between hydraulic components using high frequency pressure changes in the hydraulic lines. These signals are interpreted by mechanical/hydraulic processing units to p̵r̵e̵v̵e̵n̵t̵ ̵t̵a̵m̵p̵e̵r̵i̵n̵g̵ ̵w̵i̵t̵h̵ ensure the quality of the product.
Don’t give them ideas. They have proven themselves willing to screw their customers. Don’t give them another way to extort us.
> is an excuse for repair hostility under the guise of "security."

That's what every other company has been trying to do too, not just farm equipment manufacturers. If you look between the lines you'll find that the "security industry" is largely in favour of corporate-authoritarianism. Thankfully, not everyone is stupid, and I suspect farmers are actually more likely to spot the BS.

> If you look between the lines you'll find that the "security industry" is largely in favour of corporate-authoritarianism.

If you're looking for some unreasonably secure device, obviously you have to bake an apple pie from scratch in order to ensure no steps in your supply line are tampered with. Current system has plenty of problems with which that's being used as a defense though, and the fact that those systems are so closed is what allows Zerodium to exist in the first place.

I think, reasonably secure would already be enough. Not even that level is reached.