Farming has gotten quite tech-savvy. These days, there are all sorts of Wi-Fi-enabled, app-controlled, and autonomously piloted machines out there doing the tilling and harvesting. The biggest player in the high-tech farming field is John Deere, a company that keeps very tight control over who can modify or repair its tractors and other farm equipment. The company’s policies have drawn ire from advocates in the right-to-repair movement, who think that if you buy something, you should be able to fix it, upgrade it, or modify it without having to jump through the company's hoops. Recently, a white-hat hacker discovered a way to jailbreak John Deere tractors, allowing all sorts of non-company sanctioned access to the devices. It’s a big move that has implications for the security of the food supply and for the repairability of devices across the world.
This week on Gadget Lab, WIRED senior writer Lily Hay Newman joins us to discuss the latest John Deere hack and what it means for the broader right-to-repair movement.
Read Lily’s story about the jailbreak of John Deere tractors. Read Andy Greenberg’s story about getting hacked while driving a Jeep at 70 mph. Here’s Lily on what happened when a ransomware attack hit JBS meat processing facilities. Follow all of WIRED’s security and right-to-repair coverage.
Lily recommends wearing N95 masks, in particular the very stylish Kimberly Clark duckbill mask. Lauren recommends the New Yorker interview with Ocean Vuong, author of poetry collection Night Sky with Wounds and the novel On Earth We’re Briefly Gorgeous. Mike recommends the music of Patrice Rushen.
Lily Newman can be found on Twitter @lilyhnewman. Lauren Goode is @LaurenGoode. Michael Calore is @snackfight. Bling the main hotline at @GadgetLab. The show is produced by Boone Ashworth (@booneashworth). Our theme music is by Solar Keys.
How to Listen
You can always listen to this week's podcast through the audio player on this page, but if you want to subscribe for free to get every episode, here's how:
If you're on an iPhone or iPad, open the app called Podcasts, or just tap this link. You can also download an app like Overcast or Pocket Casts, and search for Gadget Lab. If you use Android, you can find us in the Google Podcasts app just by tapping here. We’re on Spotify too. And in case you really need it, here's the RSS feed.
Michael Calore: Lauren.
Lauren Goode: Mike.
Michael Calore: Have you ever jailbroken an iPhone?
Lauren Goode: No, but I have repaired my own iPhone. There was a period of time where I broke two iPhones in a row, shattered the screen. And I bought an iFixit kit and repaired the screen myself.
Michael Calore: Nice.
Lauren Goode: I felt pretty good about that.
Michael Calore: Nice. Even though you voided your warranty?
Lauren Goode: Sure. That's what they try to tell you.
Michael Calore: Have you ever jailbroken a tractor?
Lauren Goode: Unfortunately, I have not had the opportunity to jailbreak or repair a tractor.
Michael Calore: Oh. Well, somebody might be able to help you, so we should talk about it.
Lauren Goode: Let's do it.
[Gadget Lab intro theme music plays]
Michael Calore: Hi, everyone. Welcome to Gadget Lab. I am Michael Calore. I am a senior editor at WIRED.
Lauren Goode: And I'm Lauren Goode. I'm a senior writer at WIRED.
Michael Calore: We're also joined this week, once again, by WIRED senior writer, Lily Hay Newman. Lily, welcome back to the show.
Lily Hay Newman: I'm happy to be here.
Michael Calore: Even if you aren't a farmer, you have probably heard of John Deere. The company makes tractors and the kinds of big equipment that farmers use to plow their fields and harvest their crops. And in recent years, farming has gotten very tech-savvy. We're talking about autonomous navigation and Wi-Fi and touchscreens and everything. And John Deere has really been at the front of this trend.
John Deere has also been controversial for keeping all of this tech proprietary. Meaning, if something breaks, you've got to call in a John Deere technician to fix it. The company has become a lightning rod for advocates in the right-to-repair movement who argue that people should be empowered to fix their own stuff if they want to, without having to go to a certified, and therefore more expensive, repair center.
We'll get into repairability in the second half of the show. But first, let's talk about John Deere specifically. Now, Lily, you wrote a story for WIRED this week about a hacker who demonstrated how to gain full control of a John Deere tractor by bypassing the company's built-in software. This hack was shown off at Def Con, which is a conference that's a premier venue for this type of thing. So, quickly tell us, to set the scene a little bit, what is Def Con, and what typically happens there?
Lily Hay Newman: Def Con is a information security and digital privacy research conference, but a really fun, wild one where hackers and researchers descend on Las Vegas to show off their findings, hacking all manner of applications and real things, like tractors, but also medical devices, pacemakers, satellites. I guess literally, the sky's the limit.
Lauren Goode: And so, what happened this year at Def Con with a hacker named Sick Codes?
Lily Hay Newman: Sick Codes has done some John Deere-related hacking in the past and hacking of services from other tractor manufacturers. But in the past he had worked on research related to hacking systems like application programming, interfaces, and web services related to how the tractors connect up or sync up with bigger services from the companies. And this year he said he wanted to really put his money where his mouth was. And he demonstrated a full jailbreak of a tractor, meaning full control, root access to do whatever he wanted with the tractor. And as he described it, root access is very rare in Deerland.
Michael Calore: This is because John Deere probably has a pretty robust security team that keeps everything locked down pretty hard.
Lily Hay Newman: I would say it's because primarily of security through obscurity, that the systems are proprietary, as you said, and so locked down, and there's such an interest from the company. And as you said, this is true of other tractor manufacturers, too. There's such an interest in not letting anybody see how the sausage is made or see inside the black box, that it's just complicated and time-consuming and difficult. And not a ton of people have done exactly what he did. So, I would say that's the reason.
Lauren Goode: And what was Sick Code's goal? Because he told you, when you spoke to him, that the folks who are typically on the side of right-to-repair, the idea that you should just be able to crack open and repair everything you own, that they were a little bit opposed to what he was trying to do. Because one of the farmers said to him, "You're effing up all of our stuff." But it seemed like maybe, because he is a white hat hacker, he was trying to expose something for the broader good. What was he hoping to get from this?
Lily Hay Newman: Yeah, I think it's a really important question and something he's exploring too. In the past, his research into those web services that I talked about was really focused on revealing security vulnerabilities because of concerns about food security in the world and farmers' businesses and the fact that they need to be able to pull stuff out of the ground at the right time, as he put it. So he was looking at this more, as John Deere and other tractor manufacturers—their stuff isn't actually that secure. And he was feeling really concerned about that.
What happens if there's a ransomware attack against a giant agriculture conglomerate? We've already seen, for example, the ransomware attack against JBS Meat last year, that really messed with the meat supply chain. And that was the largest global meat producer. One of the largest. So, attacks against agriculture are real. It's really possible that could happen.
And so he was coming at it from the perspective of feeling concerned about the digital security of these systems. But as you're saying, a lot of the feedback was from farmers who take advantage of these same vulnerabilities that hackers could take advantage of. They use them to gain more access, more control over these devices and vehicles that they bought, that they own, that are sitting in their field. It's interesting. It's a reliability question from the other side, where they're looking at it as, "The more control we have over our devices and the easier it is for us to make repairs ourselves, the more reliable our vehicles will be." So if something happens in the field, and you're in the middle of your big moment to harvest, you can just do a quick repair or change the setting or adapt the way you need to and have reliability that way.
So, this tension is really interesting and comes up in other devices and other sectors as well. It's not just related to tractors. This question of closing vulnerabilities so hackers can exploit them. But then, what does that mean about good actors' ability to use those same vulnerabilities for their own benefit?
Lauren Goode: And you bring up a good point about agriculture in particular, and how much those harvest windows matter to farmers. I have heard from farmers. I've sat in on these briefings that are often hosted by right-to-repair advocates, the US Public Interest Research Group, where they've had farmers come forth and tell their stories about their inability to repair their tractors and what that means. If they have to go to some kind of authorized dealer or they have to go to someone who does John Deere repairs specifically, because they've been authorized by John Deere, and how that just takes a lot of time out of … It could take days, weeks, months. And you've missed your harvest season. For a lot of people, that's a matter of having food; having the finances to support their farm. It can actually be quite a big deal. Not to mention that when you go to one of those authorized dealers or repair shops or back to John Deere itself, it means they can command a certain price from you.
Lily Hay Newman: Right. Exactly. And I think when it comes to the global food supply, it's that farmer or that agriculture business. And then, it's also just all of us. We all are getting food from that process. So, it is a global security issue. But also, there's this global security issue of the digital security of these vehicles and the web systems that underlie them. And they're both important concerns, and there's potential disruption on both sides.
Michael Calore: John Deere has been a very high-profile target for hackers recently. As you said, there was a John Deere hack at Def Con last year. The company has been at the forefront of autonomous tractor technology. What did the company have to say about this latest drop from Sick Codes?
Lily Hay Newman: In fact, I was just checking my email to make sure I wasn't telling you all the wrong thing, but I reached out to John Deere and checked multiple times and I haven't heard anything from them. I haven't heard any comment for my story. So, that seems to be where they're at right now. One thing I would say …
Lauren Goode: I say that often about my dating life. "Has that person gotten back to you in a few days?" "No, that seems to be where they're at right now."
Lily Hay Newman: It's a complicated one. The attack involves physical access, which is just to say that it can't be exploited remotely over the internet right now, to just brick all the tractors or something. You have to be physically with the tractor to do the jailbreak, which is OK for farmers because it’s their tractors, but reduces the immediate risk that thousands of tractors are going to be attacked by hackers. But on the other hand, it is total access, total control. And because, Calore, as you were saying, John Deere has been on the forefront of all these interconnected systems and subscription services and all different types of features that are now in these tractors. There is a lot of internet connectivity that is part of this.
And there's potential that other vulnerabilities could come up that could be chained together with some of these findings in new ways. So, there is some potential for remote access. But the fixes are going to be difficult, especially in existing vehicles that are out there now. There's not, "Oh, we'll just send a patch or something." There are a lot of findings here. So as I said, I haven't heard from John Deere. But Sick Code's, his evaluation of it was that there isn't one simple fix.
Michael Calore: All right. Well, let's take a quick break. And when we come back, we will plow ahead with more.
Michael Calore: The right-to-repair movement goes well beyond high-tech tractors. Companies like Apple, Google, and Samsung have recently bowed to pressure to make their devices more repairable. They've rolled out programs that let people buy the parts and tools they need for simple phone repairs, things like replacing a cracked screen or a dead battery. Of course, people have always figured out ways to do these things on their own. But the big change here is that the phone makers are now sanctioning these repairs so that people can do them with official parts. And since they're doing it with permission, they can crack open their phone without automatically voiding its warranty.
These repair programs from Apple and Samsung and Google have all launched this year. And they haven't been perfect, but they're at least something, which is good. Lily, what are some of the pressures that led to these companies loosening up their repair policies?
Lily Hay Newman: In recent years, and especially in the past 18 months, there has started to be a turning point, at least from the US government, that is pushing some of this or creating more momentum. The White House had an executive order on right-to-repair last year, and the Federal Trade Commission committed to expanding their enforcement, especially when it comes to these situations where a company is saying, "You void your warranty if you get repairs from an unauthorized repair person,” or something like that. And then very recently, New York State passed the first state right-to-repair-related law. So there's definitely a momentum going on. And I think there's been some writing on the wall for the companies.
Lauren Goode: We should also note, too, that the whole idea of warranties in many cases, not in all cases, is kind of bullshit.
Michael Calore: How so?
Lauren Goode: Well, because, in the United States, there's something that's known as the Magnuson-Moss Warranty Act, which was passed in Congress in 1975, that created limitations or restrictions around how manufacturers could use disclaimers on warranties. And US PIRG, which I mentioned earlier, it’s done some research into this in recent years where it’s come up with a list of manufacturers who would put stickers on things, think gaming consoles or even your refrigerator, that says "Warranty voided if tampered with,” that actually are illegal. They're not supposed to use that phrasing. And they're not supposed to indicate that you would not be able to get your device repaired for free or without charge if you happen to try to fix it yourself. So the whole warranty thing is very delicate. And so I don't think we should operate under the assumption that if you try to repair your own iPhone, then you're breaking some sort of warranty.
I think part of the reason why we are starting to finally see change around right-to-repair is because there's just that much pressure from grassroots advocacy that has led to state bills, which in two instances has actually led to state laws. And now there's actually pressure at the federal level, too. There was this real moment for the right-to-repair movement last summer when President Joe Biden issued this directive for the FTC to draft new regulations around right-to-repair. And those regulations would limit manufacturers' ability to restrict repair. And then a couple weeks later, the FTC voted unanimously to enforce right-to-repair laws.
So there are several states that have introduced bills this year for right-to-repair, or they've carried over from prior years. But I think the federal attention last year really was what pushed this over the edge.
Michael Calore: Yeah. And I think beyond that, because it's in the public conversation, because the president is talking about it, and because people are reading about it in places like WIRED and other publications that cover technology, people are reading this, and they're getting frustrated that they just can't fix these things themselves. A lot of people grew up fixing their own bicycle, fixing their own car, fixing their own computer. And now, all of a sudden, they're buying computers that are hermetically sealed and filled with glue that they can't fix themselves. And that frustrates them because they know how to, and they know where to get the parts, and they should be able to, but they just can't because of some weird reason. It comes down to a power struggle. I think people push back instinctively against oppression in that way. Not capital O oppression, but lowercase O oppression.
Lauren Goode: Well, capital C capitalism.
Michael Calore: Yeah, sure.
Lauren Goode: It really has forced a philosophical conversation about what we do own. Because everything we buy now … I shouldn't say everything. But many things we buy now are both hardware and software. Or they're hardware devices that have services layered on top of them that are critical to using the thing. We talked about this recently because of the BMW news that I think The Verge reported on. That they were going to be charging for seat heaters. And that Tesla will soon be charging for navigation services. It might no longer be free on your tablet. So in the car world, you think about, OK, if I purchase the car, what do I actually own, if there are all these software elements to it, and I'm either paying a subscription for them, or I have no control over that software? It's really forced us to think deeply about what it means to "own something" versus what's being licensed or rented or … Yeah. Because of software. Because software.
Lily Hay Newman: But I think the thing about the change that has happened historically, with things like cars and tractors, and I'm not an expert on this, but I get the sense that one thing that has driven the classic car boom is that people love repairing classic cars because they can. There's no computers in them, and it's an actual, tangible thing that you can really put your hands on.
And the same for tractors. One of the reasons farmers are so dedicated to classic tractors and older tractors is because they just don't have any of this bullshit in them. And so, they can just own them and repair them and sell them to others and buy new ones and do whatever. And there's no subscription services, there's no anything. And there's just a real satisfaction and, like we were talking about, a reliability that comes from that. You don't feel worried that you're going to have to figure out how to get your tractor somewhere or schedule with a certain repair person, and it might be costly and just a problem in your harvest schedule or whatever you have going on.
You know you have full control and that you can be self-sufficient or sufficient within your community. So, that all makes a lot of sense to me and really resonates. And also, just to tie it in, is really in keeping with the hacker ethos and hacker ideals about hardware hacking as well as in the software realm.
And I could see why the Sick Codes hack really could present a conundrum for the right-to-repair side. Because if the opponents of right-to-repair have long said, "This could create security issues …" Security and safety issues. Sometimes they'll say, "We don't want you replacing your own battery because you could buy a cheap battery, and there could be a thermal runaway and start a fire." But sometimes it's that bad actors could get into your devices then and get your personal information. That's one of the big arguments.
And oftentimes, groups like Securerepairs.org, or even the FTC when they issued their report last May, would come out and say, "Yeah, we do believe those security fears are overblown." But then if you have a bunch of hackers descending on a conference in Vegas and saying, "Look how easy it is to crack these things open," it's, "Oh, well actually, maybe it's not so overblown."
Lily Hay Newman: Yeah. And something like cars, we've seen, both famously in WIRED and elsewhere, that remote car hacking is real.
Lauren Goode: That's right. Our famous Jeep story.
Lily Hay Newman: Yeah. The Jeep hack. And even maybe more critically with something like tractors or farm equipment because of the food security issue we were talking about. One thing someone told me once is that the reason … I think it was maybe around the time of the Jeep hack or something, and I was interviewing someone and saying, "Wow, car hacks. That's really scary. Because what if you're in a car?" And they said, "The thing about it though, is there isn't really a business model to just randomly killing you and your car." That you can't make money off, Lauren, off of just killing you in your car. But the global food supply thing and the ransomware attacks or disruptive attacks in the context of geopolitical conflict you're saying … That to me, seems like a much more tempting or high-profile target where we can really see what the immediate disruptive impacts of attacking the global agriculture system would be.
So, I think what Sick Codes was trying to get at and the discussion and the discourse at Def Con was really around, how can everyone get on the same side? Ideally, there wouldn't be such a controversy and conflict about right-to-repair. And then, everyone would really be able to be on the same side about patching these vulnerabilities, building more secure systems so that there isn't a threat from hacking.
Michael Calore: All right, well, this has been elucidating, but we have to take a break. And when we come back, we'll do our recommendations.
Michael Calore: All right. Here we are at the last segment of our show where we go around the room, and we ask everybody to recommend a thing that they like that our listeners might also enjoy. Lily, as our guest, you get to go first. What is your recommendation?
Lily Hay Newman: Oh, wow. I'm first. OK.
Michael Calore: Yeah.
Lily Hay Newman: My recommendation is N95 masks.
Michael Calore: Spoken like somebody who just attended a couple of conferences.
Lily Hay Newman: Yes. I just attended three conferences in a row. Some had mask mandates, some didn't. A lot of people I know who took extensive precautions did get Covid. This isn't to say masks are fool-proof. And famous last words: What if I test positive later today or something? But so far, so good. And I just really felt good having some type of concrete action I could take in a mad world. So, big ups to N95 masks.
Michael Calore: Do you have a preferred brand or color?
Lily Hay Newman: I do. The masks I wear are the Kimberly-Clark Professional N95 Pouch Respirator. They are the ones that look like duck bills. They are white. I'm having trouble even verbalizing how unattractive they are. And yet, they are my recommendation because in that duck bill, in the pouch, you get a good amount of air. And it's not right up against your face, so you don't have that … I was putting my hand up to my face, as I said that. So, you don't have that claustrophobic feeling and out-of-breath feeling from them. Or at least I don't. And yeah, they're just very comfortable. Maybe they're not for everyone because of the aesthetic issue, which I'm acknowledging up front here. But for me, they are my recommendation because they're just very comfortable. And at this point in the pandemic, I just cannot be bothered. Whatever is comfortable is what I want to be wearing.
Michael Calore: Nice.
Lauren Goode: That's a great recommendation, Lily. Thank you for helping our affiliate link business because we are going to link to those in the show notes.
Lily Hay Newman: It is my absolute pleasure.
Michael Calore: Now I have to read the disclaimer.
Lily Hay Newman: Right.
Michael Calore: Lauren, what is your recommendation?
Lauren Goode: My recommendation this week is an interview in The New Yorker with Ocean Vuong. He is the author of the poetry collection Night Sky With Wounds. And a lot of people will know him for his novel, On Earth We're Briefly Gorgeous. This Q and A was actually from the spring. But I came across it because our old friend, Nick Thompson, who used to be our editor-in-chief at WIRED, and now he's the CEO of the Atlantic Media Company; he still has time to be a LinkedIn influencer and stuff.
Michael Calore: A LinkedInfluencer?
Lauren Goode: A LinkedInfluencer. And he sends out these newsletters regularly saying, "Here are all the things that I'm reading, when I'm not running a hundred miles up a mountain." And I think he did a 40-mile run recently. Sorry, Nick. I don't mean to misstate that. But he recommended this in one of his reading lists recently. And it's long, and it's thoughtful. And I found it really inspiring. Vuong talks about his mother who inspired much of his work and who passed away in 2019. Talks about his approach to writing and how he always feels like a student. He talks about writing in Popeye's in Manhattan. He talks about the difference between going to a coffee shop to write, where everyone is writing something, and you can look over and see people working on screenplays and doing track changes and all that, versus being in a Popeye's where people are just in and out, in and out, and no one's really just sitting there doing work and how he enjoys that.
He talks about his current family dynamic and taking care of his younger brother. He used the word "capacious" in this really beautiful way, which I really like. Yeah, I really enjoyed it. And as a writer, I found it inspiring. So, I recommend reading that.
Michael Calore: Nice.
Lauren Goode: Mike, what's your recommendation this week?
Michael Calore: My recommendation is that everybody should go listen to the music of Patrice Rushen.
Lauren Goode: OK. Tell us about this.
Michael Calore: It's Patrice Rushen, R-U-S-H-E-N. Patrice Rushen is an R&B jazz person. Her main instrument is the keyboard, so she plays piano and synthesizers and stuff. But she also produces and arranges and plays a bunch of different instruments. She hit her stride in the late 1970s. There are three albums in particular, Shouted Out, Patrice, and Pizazz, which I think are all just masterpieces.
But the thing is, Patrice Rushen is one of those people who, if you're into funky jazz stuff and funky R&B, people like Stevie Wonder and Herby Hancock and Diana Ross and disco music, you may have heard Patrice Rushen songs. But she hasn't really gotten the due that I feel like she deserves. She's under the radar. She's had a very successful career. She's won Grammys. But she's not a household name in the same way that people like Herby Hancock and Stevie Wonder and Diana Ross are.
So, I'm really trying to give her some love and turn more people onto her music. So, I've been putting her music on playlists that I share with people. I've been sending it around. And universally, people are, "Who is this? I've never heard of this person. All of her records are amazing." So, I want to say it here on the show that you should listen to Patrice Rushen. She's really awesome.
Lauren Goode: I am going to rush into listening to that.
Michael Calore: You should.
Lauren Goode: Can I add two addendums to our recommendations this week?
Michael Calore: Sure.
Lauren Goode: The first is that a couple of weeks ago I recommended a sunscreen from CeraVe. CeraVee? CeraVe? I don't know how to pronounce it. And I said it was French. And it's actually made in the States. It's probably made in some lab in New Jersey, and here I am going, "It's French,” because it sounds vaguely French.
Michael Calore: Because that's how you sell sunscreen.
Lauren Goode: So, I had to issue that correction.
Michael Calore: OK.
Lily Hay Newman: Does your recommendation for the sunscreen still stand?
Lauren Goode: It does still stand. Absolutely. And it still makes your face really ghostly-looking because it's mineral sunscreen. Still, I recommend it. My second addendum is that last week, Mike, I said I was never taking a recommendation from you again, after you recommended The Northman.
Michael Calore: That's right.
Lauren Goode: But you recommended that I watch the season finale of season three of Atlanta. I had not watched Atlanta in a long time, but I just dove right in and watched the season finale of season three. It was so good. It was just fantastic. And I recommend everyone watch it. And you made up for it, so thank you. You made up for The Northman.
Michael Calore: I look forward to recommending lots of Alexander Skarsgård-related media to you in the future.
Lauren Goode: It honestly wasn't even about Skarsgård. Just the episode is so good. And those of you who watch this will know the dropping of the vase was like … I was crying laughing. It was so, so funny.
Michael Calore: To be clear, if it's not at the tip of your tongue, this is the episode that takes place in Paris.
Lauren Goode: Yes. Yeah.
Michael Calore: When Vanessa's friends come to visit her in Paris.
Lauren Goode: Right. And Vanessa has, all of a sudden, turned into some Amélie—
Michael Calore: She's a fake French person.
Lauren Goode: She's a fake French with a fake French accent.
Michael Calore: Probably sells sunscreen.
Lily Hay Newman: I was just about to do the callback. Thank you, Mike.
Michael Calore: Oh, you're welcome. Always here to serve. Well, thanks for coming on the show, Lily. It was great to have you on again.
Lily Hay Newman: Yeah. It's always fun to be here. Thanks.
Lauren Goode: Lily, it was so much fun.
Michael Calore: And thank you all for listening. If you have feedback, you can find us on Twitter. Just check the show notes. Our producer is Boone Ashworth. We will be back next week. And until then, goodbye.
[Gadget Lab outro theme music plays]