Hackers Make Hay? Smart Tractors Vulnerable to Full Takeover www.darkreading.com/cloud-sec…

At this year’s Black Hat USA event in Las Vegas, Felix Eberstaller and Bernhard Rader of Limes Security GmbH will reveal the unprecedented access they obtained to connected tractors across the world, particularly in Asia and Europe. They did so through the FJD AT2, a particularly vulnerable aftermarket steering system developed by Chinese manufacturer FJDynamics.

“Once you gain control over the network traffic of the tractor — for example, you’re on the same network — or you have advanced manual capabilities like a nation-state actor, you can just exchange the updates that are being pulled from the cloud,” Eberstaller explains. “The update mechanism is really badly designed. It has no TLS encryption, it has no signatures, so you just can say: ‘Hey tractor, this is your new firmware, just download it.'”