Analyzing Smart Farming Automation Systems for Fun and Profit
Black Hat USA 2025 · Day 1 · Briefings
Two OT penetration testers discovered catastrophic vulnerabilities in FJDynamics smart tractor automation systems — sold in Europe under the FJDynamics and SVIAGRO brands — that allowed them to passively track tens of thousands of farming vehicles worldwide, lock any tractor's automation remotely, and ultimately gain full root code execution on the onboard Android tablet via a spoofed firmware update, culminating in a proof-of-concept steering wheel takeover. ---
AI review
Two OT pen testers turned a tractor GPS kit into a global surveillance platform, a fleet lockout weapon, and a remote steering hijack — and the entire attack chain runs on a wildcard MQTT subscription and a vendor-pre-rooted Android tablet. The safety implications are real and the demo is visceral. Novel target, competent execution.