Monday, May 9, 2022

Cory Doctorow on right-to-repair, VIN-locking and kill-switching: John Deere (and many others)

Read the whole thing - Right-to-repair, VIN-locking and kill-switching: 

John Deere makes this claim: in its battles against the right to repair, Deere styles itself as the guardian of the world’s food supply, whose information security is all that stands between us and a Russian (or Chinese, or supervillain) shutdown of the world’s ag-tech.

They’re not wrong: John Deere’s decision to build ag-tech that can be remotely controlled, disabled and updated, along with its monopolization of the world’s ag-tech market, means that anyone who compromises its system puts the world’s food-supply at risk.

Which is a terrifying proposition, because John Deere has extraordinarily terrible information security. When Sick Codes probed Deere’s security, they found glaring, serious errors that put the entire food supply chain at risk.

Worse, John Deere seems to have no clue as to how bad it is at security. In the company’s entire history it has never once submitted a single bug to the US government’s Common Vulnerabilities and Exposures (CVE) database. As far as Deere knows, its security is literally perfect.