A short history of hacked billboards and road signs

Graham Cluley

A short history of hacked billboards and road signs

A short history of hacked billboards and road signs

Hacked roadside billboards are in the news again, so it felt like a good time to take a look back on some of the more notable incidents that have caught the media’s attention in the past…

January 2009

No, you don’t have to worry about a botnet bombarding you. It’s zombies in Austin, Texas, you have to watch out for.

Zombie traffic

“ZOMBIES AHEAD”


May 2012

Practical jokers meddled with a a road sign to warn drivers of an invasion from Skaro’s much-feared tin pepperpots:

Daleks ahead pic

“WARNING DALEKS AHEAD”


January 2015

It’s a new year, but mischief-makers have quickly forgotten their resolution not to f**k around with road signs.

At least they’re encouraging literacy…


May 2015

Hackers remotely attacked an electronic billboard display to show the obscene Goatse image (Don’t Google it. If you don’t know what Goatse is, consider yourself lucky. You’ve been warned.) to motorists and passers-by in the affluent uptown Buckhead district of Atlanta.


August 2017

Naughty Welsh hackers meddled with a billboard on Cardiff’s main shopping street, to display swastikas, far-right images, and Big Brother.

Hackers hijack central Cardiff billboard to display swastikas and more...

As Carole Theriault discussed on an episode of the “Smashing Security” podcast, the hackers seized control of the digital advertising display after stealing its TeamViewer login credentials and locking out its genuine operator.

Smashing Security #036: 'Flash? Clunk flush... and hacking security researchers'

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...


September 2019

It’s not all zombies and porn, sometimes road sign hackers can comment on topical political news stories.

“IMPEACH THE BASTARD”


September 2019

And, back to porn again…

Drivers on the interstate in Auburn Hills, Michigan, were greeted by an eyebrow-raising sight: a pornographic movie featuring adult actresses Xev Bellringer and Princess Leia (with a possible bit part played by an unidentified gentleman).

Police posted video footage of two suspects breaking into a shed containing the computer which was controlling the billboard.

We discussed the whole sordid affair with the type of gravitas it rightly deserves on an episode of the “Smashing Security” podcast.

Smashing Security #148: 'Billboard boobs, face forensics, and Alexa gets way too personal'

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...


Although lists like this can be amusing, we shouldn’t ignore that there’s a serious side to this.

Hacked electronic billboards and road signs can be a huge distraction for motorists, and it’s easy to imagine how an accident could occur which might result in a driver or pedestrian being injured… or worse.

I’m sure most of these roadside defacements are being done with mischief in mind, exploiting default passwords, a lack of multi-factor authentication, poorly-maintained systems, and sloppy security (sometimes it’s poor computer security, sometimes physical, not uncommonly it’s both).

In short, if you hack a road sign or electronic billboard you might gain the attention of the media but you’re not proving that you have done anything “clever” or “novel”. There are rarely leet hacking skills on show in such attacks, and no-one who knows anything about security is going to be remotely impressed.

Nonetheless, because you may be putting public safety at risk, don’t be surprised if law enforcement officers fail to see the funny side of your roadside prank.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.