As reported by Motherboard, a pair of bugs in John Deere’s apps and website could have allowed hackers to find and download the personal data of all owners of the company’s farming vehicles and equipment, according to a security researcher who found the vulnerabilities.
There is no evidence that hackers exploited these flaws. The researcher, who goes by Sick Codes, reported them to John Deere on April 12 and 13 and the company fixed one of the bugs just three days later. The company fixed the second bug on Wednesday, according to the researcher.
Before the fixes, the vulnerabilities, if exploited, would have exposed personal data about John Deere’s customers, including their physical address, according to Sick Codes.
<p>Any device connected to another via a network has the potential of being hacked whether it be a computer, a dishwasher or a tractor. What this suggests is that companies still do not patch their systems, in order to try to save time, money or effort. However, it has the opposite effect at scale should an organisation be attacked. Losing customer data, having it leaked, or having the network locked down and held to ransom can have catastrophic consequences which can have long-term effects on a business.</p> <p> </p> <p>Cybersecurity is an investment and should never be viewed as an expense. Organisations must realise that they will inevitably be on the radar for an attack and must be able to thwart those attacks and force them to move along to the next more vulnerable target.</p>