Black Hat USA 2025 | Analyzing Smart Farming Automation Systems for Fun and Profit
Why It Matters
Insecure smart‑farming systems expose global agricultural operations to data theft, ransomware, and remote sabotage, threatening food‑production continuity and farmer privacy.
Key Takeaways
- Smart tractor automation kits cost $5‑10k, cheap compared with a $250k tractor.
- The vendor's MQTT broker accepts one static username/password shared by every device, so anyone holding it can impersonate any tractor.
- With those shared credentials and an extracted client TLS certificate, the researchers reached live data from thousands of tractors worldwide.
- The vendor's lock command can disable a tractor's automation remotely, a ready-made denial of service.
- Leaked GPS data exposes where individual machines operate, including misuse of the automation on public roads, a privacy problem for farmers.
Summary
The Black Hat USA 2025 talk examined the rapid rise of smart‑farming automation kits that retrofit conventional tractors with GPS‑guided steering, a tablet HMI, and cloud‑connected services. The presenters, Felix and Bernhard, showed how inexpensive add‑on kits, typically $5‑10k against a $250k tractor, are being sold across Europe and Asia, turning expensive field machinery into data‑rich IoT endpoints.
Their research uncovered a severely flawed MQTT architecture: devices talk to the broker over TLS but skip certificate validation, every device reuses a single username/password pair, and the client‑side TLS certificate can be extracted from the tablet app with dynamic instrumentation. Authenticating to the broker with those shared credentials, the team could impersonate any tractor, subscribe to wildcard topics, and harvest real‑time GPS, telemetry, and even farmer email addresses from tens of thousands of units worldwide. Because the broker applies no per‑device topic authorization, one leaked credential is enough to read and write every device's traffic.
Demonstrations included a ransomware‑infected milking robot that cut off the cow health data a farm depends on, an infrared drone spotting wildlife before plowing, and a live exploit of the vendor's lock command that disabled a tractor's automation and flooded the operator with pop‑up alerts. The researchers also mapped tractors operating on public roads and near conflict zones, revealing both privacy violations and geopolitical exposure.
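The authorization gap described above is easiest to see in a small model of the broker. The example below is added here and is not code from the talk or from any vendor: the topic layout `tractors/<client id>/...`, the account names, the passwords and the mosquitto‑style `%c` client‑id placeholder in ACL patterns are all assumptions. It implements MQTT 3.1.1 topic‑filter matching, then contrasts a broker where every kit shares one account with a permissive ACL against one where each tractor has its own account confined to its own topic subtree. In the first, an attacker holding the shared credentials subscribes to `#` and receives every tractor's GPS fix; in the second, a credential leaked from one tractor yields only that tractor's traffic, and nothing at all if the attacker does not also present that tractor's client id.

```python
"""Model of MQTT broker authorization (added example, not the talk's code).

Shows why one shared credential plus a '#' subscription exposes every device
on the broker, and how per-device accounts with topic ACLs confine a leaked
credential to a single tractor. Topic layout, account names, passwords and the
'%c' ACL placeholder are assumptions for illustration.
"""

from dataclasses import dataclass, field


def topic_matches(topic_filter: str, topic: str) -> bool:
    """MQTT 3.1.1 filter matching: '+' matches exactly one level, '#' (only
    valid as the last level) matches the remainder, and a filter starting
    with a wildcard never matches '$'-prefixed system topics."""
    if topic.startswith("$") and topic_filter[:1] in ("+", "#"):
        return False
    f_levels = topic_filter.split("/")
    t_levels = topic.split("/")
    for i, level in enumerate(f_levels):
        if level == "#":
            return i == len(f_levels) - 1
        if i >= len(t_levels) or (level != "+" and level != t_levels[i]):
            return False
    return len(f_levels) == len(t_levels)


@dataclass
class Broker:
    accounts: dict      # username -> password
    acl: dict           # username -> list of (action, topic pattern)
    device_creds: dict  # tractor id -> (username, password) the kit ships with
    subscriptions: list = field(default_factory=list)  # (user, client_id, filter)

    def connect(self, username: str, password: str) -> bool:
        return self.accounts.get(username) == password

    def allowed(self, username: str, client_id: str, action: str, topic: str) -> bool:
        """ACL check on a concrete topic. '%c' in a pattern is replaced by the
        connecting client id, so 'tractors/%c/#' pins an account to its own
        subtree (assumed format, modelled on mosquitto 'pattern' ACLs)."""
        return any(
            act == action and topic_matches(pattern.replace("%c", client_id), topic)
            for act, pattern in self.acl.get(username, [])
        )

    def subscribe(self, username: str, password: str, client_id: str, topic_filter: str) -> bool:
        if not self.connect(username, password):
            return False
        self.subscriptions.append((username, client_id, topic_filter))
        return True

    def publish(self, username: str, password: str, client_id: str, topic: str) -> list:
        """Deliver to every subscriber whose filter matches AND whose ACL permits
        reading the concrete topic (ACLs enforced on outbound messages).
        Returns the client ids that received the message."""
        if not self.connect(username, password) or not self.allowed(username, client_id, "write", topic):
            return []
        return [
            cid for (user, cid, flt) in self.subscriptions
            if topic_matches(flt, topic) and self.allowed(user, cid, "read", topic)
        ]


def weak_broker() -> Broker:
    """Every kit ships the same username/password and may read/write anything."""
    shared = ("device", "static-pw")
    return Broker(
        accounts={"device": "static-pw"},
        acl={"device": [("read", "#"), ("write", "#")]},
        device_creds={"T1": shared, "T2": shared},
    )


def hardened_broker() -> Broker:
    """One account per tractor, each confined to tractors/<its own id>/#."""
    own_subtree = [("read", "tractors/%c/#"), ("write", "tractors/%c/#")]
    return Broker(
        accounts={"T1": "pw-T1", "T2": "pw-T2"},
        acl={"T1": own_subtree, "T2": own_subtree},
        device_creds={"T1": ("T1", "pw-T1"), "T2": ("T2", "pw-T2")},
    )


def exposure(broker: Broker, user: str, pw: str, client_id: str) -> list:
    """An attacker logs in as user/pw under client_id and subscribes to '#';
    two tractors then publish GPS fixes (constructed sample traffic).
    Returns the topics that reached the attacker."""
    if not broker.subscribe(user, pw, client_id, "#"):
        return []
    seen = []
    for tractor in ("T1", "T2"):
        dev_user, dev_pw = broker.device_creds[tractor]
        topic = f"tractors/{tractor}/gps"
        if client_id in broker.publish(dev_user, dev_pw, tractor, topic):
            seen.append(topic)
    return seen


if __name__ == "__main__":
    print("shared creds, weak ACL:    ", exposure(weak_broker(), "device", "static-pw", "attacker"))
    print("leaked T1 creds, as T1:    ", exposure(hardened_broker(), "T1", "pw-T1", "T1"))
    print("leaked T1 creds, other id: ", exposure(hardened_broker(), "T1", "pw-T1", "attacker"))
```

The per‑device ACL is only half of the fix: binding the account to a client id still lets an attacker who holds both the password and the id impersonate that one tractor, so the credential itself should be a per‑device client certificate that the kit cannot share, with the client also verifying the broker's certificate rather than skipping validation as the talk describes.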
The findings underscore a critical security gap in agricultural IoT: credentials shared across an entire fleet, no per‑device authorization at the broker, and a single attacker able to disable or manipulate field equipment at scale. Farmers face operational downtime, data privacy breaches, and potential safety hazards, while vendors risk regulatory scrutiny and loss of trust unless they overhaul authentication, certificate validation, and device‑level controls.