In our latest podcast, Paul caught up with Sick Codes (@sickcodes) to talk about his now-legendary presentation at the DEF CON Conference in Las Vegas, in which he demonstrated a hack that ran the Doom first person shooter on a John Deere 4240 touch-screen monitor.
Software security often operates in a zone that is well removed from the understanding and awareness of the general public. DEF CON, the annual hacking conference, makes a point to bridge that divide in awareness and understanding. The show, which just celebrated its 30th anniversary, is renowned for dramatic demonstrations of software security weaknesses designed to grab the public’s attention: from the late, great Barnaby Jack demonstrating flaws in automated tellers by forcing one to spit out a stream of bills on stage, to Charlie Miller and Chris Valasek’s demonstration video of a Jeep Cherokee being driven off the road via remote software attack.
That proud tradition continued at this year’s event, though the demonstration that got all the attention was a bit more on the surreal side: a John Deere-branded touch-screen monitor playing a custom, farm-themed version of the classic Doom first person shooter game.
Surreal or not, the presentation went viral, with stories popping up everywhere from Wired to Jalopnik and ricocheting across the globe. The story got considerable traction with the gaming community, as well, for obvious reasons.
Not a game: serious questions on Ag cyber
But behind all the fun and games are some serious questions: about the security of precision agricultural equipment that can be remotely controlled from the cloud, and about the Orwellian conditions suffered by many farmers who find themselves locked out of and unable to fix their own equipment when it breaks.
To talk about those, we invited the researcher responsible for the Doom demonstration – known as Sick Codes – back on the podcast. In this interview, the first of a two-part podcast, we talk about his origin story and how he came to start poking around inside John Deere hardware and software.
Gas Light PR.
We also talk about the myriad implications of his entertaining “Deere on a Doom” demonstration – from its cyber security implications to the role of jailbreaking in achieving a right for farmers to repair their own equipment. We also discuss his complicated relationship with Deere corporate, which has privately acknowledged his findings but publicly downplayed or attempted to refute them – a form of corporate “gas lighting” that Sick Codes said is unprecedented, in his experience.
To start out I asked Sick Codes to go way back and talk about how he came to work as a security researcher. You can check out our full conversation using the player, above, or by clicking on the Download button below!
As always, you can check out our full conversation in our latest Security Ledger podcast at Blubrry. You can also listen to it on iTunes and check us out on Spotify, Stitcher, Radio Public and more. Also: if you enjoy this podcast, consider signing up to receive it in your email. Just point your web browser to securityledger.com/subscribe to get notified whenever a new podcast is posted.