Hackers have been f**king with downtown LA's road signs

It seems that the Los Angeles Department of transportation isn't launching a bold new literacy campaign after all.

Instead, hackers - perhaps concerned that computers may be sounding the death knell for the old-fashioned book, and that the Twitter generation are unrepared to settle down with a hot mug of cocoa for more than 140 characters - amused themselves a few days ago placing a vulgar message on a downtown Los Angeles road sign.

Daina Beth Solomon, a student at USC Annenberg in Los Angeles, took the above photograph near Bunker Hill and suggested that some travellers might like to adopt it as a New Year's resolution.

However, the people who should be resolving to do better are the companies who set up these electronic signs as there has been a long history of unauthorised meddling on such devices.

This is far from the first time that I've found myself reporting on sloppy security at roadworks allowing mischievous hackers to muck about with road sign messages.

Poop sign
In the past there have been warnings of zombie outbreaks and even a Dalek invasion, a reminder to "POOP" and even the breaking news that British forces are invading America.

Of course, this kind of thing seems very amusing to most of us, but there *is* I'm afraid some serious points to be made here.

Firstly, pranking about with road signs isn't a smart idea - either for motorists who might need information, or for the hackers who were probably physically beside the sign when its message was changed.

Secondly, the control systems used to control electronic road signs are supposed to be kept under proper lock-and-key. Even if they are not physically secured, they should at least be electronically protected with a password to prevent unauthorised changes. I wouldn't be surprised at all if the LA road workers had "protected" the device with a default password, or if there's a piece of paper taped to the controller with the password scribbled onto it.

As many of us in the computer security world know, making your password easy to work out is never ever a good idea.

In case you were wondering, Traffic Management Incorporated, the company that owns the trailer-based sign, and the Los Angeles Department of transportation both acknowledged that the sign (and another close by) were hacked, and that their correct messages have now been restored.

Hat-tip: @dainabethcita

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

One Response

  1. Coyote

    January 11, 2015 at 9:48 pm #

    However, the people who should be resolving to do better are the companies who set up these electronic signs as there has been a long history of unauthorised meddling on such devices.

    And not just during the beginning of the year!

    Of course, this kind of thing seems very amusing to most of us, but there *is* I’m afraid some serious points to be made here.

    The issue, if I may, is that the actual messages can be amusing (though I'm not sure this one is as I get to below) but the thought is very different from the actual act. Indeed, the actual act has serious implications, most significant being the one you got to first: traffic is not a game to be played. I recall a stop sign being turned around by some vandals here, years ago, and that kind of disregard for life (and that is what it is) isn't punished severely enough (the risks are high and it isn't funny). And LA has some very bad areas (for traffic although yes it also has bad areas in other respects). But even in places where it isn't so bad, those signs don't have messages for fun (and even if some did that doesn't mean they don't also have important messages (and even if they didn't, the fact is it is irresponsible to assume and it is a serious issue regardless)).

    I wouldn’t be surprised at all if the LA road workers had “protected” the device with a default password

    Well they wouldn't be the first and sadly they wouldn't be the last. But I would argue that while that is one way of breaching it, I think – as I'm sure you do – there are plenty others that are abused.

    The most ironic and most sad thing in their message:

    Yes, reading is a good thing. No, it isn't when you're driving. Yes people do that. They do all sorts of stuff and I'm not even referring to looking at their phone. In addition, if they truly wanted it to be sincere (rather than thinking they are funny (which they aren't)) they would send the message in a way that doesn't abuse public services. In short: the supposedly (in truth, the person suggesting it as such is actually being more clever than the message is – by far – but I'm leaving this here in any case) good resolution ('message' in their mind, perhaps) they suggest is not at all good because the message is only part of it: how it is done also matters. Of course, they would do this any time of the year because they aren't really after suggesting resolutions (and why not do it year-round then ?) -they just think they're funny (the very fact they failed to do it without the F word shows how very clever they are NOT and therefore not funny (yes, the word can be used in clever ways but this was not such a use – it was a fill-in because that is all they are capable (so in fact they're showing the opposite of what they think they are))).

Leave a Reply