Science fiction stories often have tales of computerized devices taking over the world. Probably a more immediate worry, rather than the devices controlling us, would be hackers take over those devices, as that is already happening. Cyber security researcher, Graham Cluley, clues us in on happenings in downtown LA where hackers changed the words on a traffic sign. Not the first time, of course. His article also mentions road signs warning of approaching Daleks and even a pending British invasion.
The threat of a mastermind Moriarty broadcasting a sinister message to the world through every road sign, advertising sign, and every TV channel, is still a bit distant, but as attacks appear daily on individual devices, the threat comes closer to home. Any devices that have remote programming access via the internet could be vulnerable, from road signs or laboratory equipment to phone systems and alarm systems – any network connected device. On our TSCM inspections we often find unsecured wifi connections that could serve as an portal for cyber attacks. Even those not connected online could be open to attacks from inside your organization.
From grahamcluley.com:
It seems that the Los Angeles Department of transportation isn’t launching a bold new literacy campaign after all.
Instead, hackers – perhaps concerned that computers may be sounding the death knell for the old-fashioned book, and that the Twitter generation are unrepared to settle down with a hot mug of cocoa for more than 140 characters – amused themselves a few days ago placing a vulgar message on a downtown Los Angeles road sign.
Daina Beth Solomon, a student at USC Annenberg in Los Angeles, took the above photograph and posted it on twitter. @dainabethcita
Daina Beth Solomon, a student at USC Annenberg in Los Angeles, took the above photograph near Bunker Hill and suggested that some travellers might like to adopt it as a New Year’s resolution.
However, the people who should be resolving to do better are the companies who set up these electronic signs as there has been a long history of unauthorised meddling on such devices.
Dr. Who’s Daleks were reported in Colorado in 2012
This is far from the first time that I’ve found myself reporting on sloppy security at roadworks allowing mischievous hackers to muck about with road sign messages.
In the past there have been warnings of zombie outbreaksand even a Dalek invasion, a reminder to “POOP” and even the breaking news that British forces are invading America.
Of course, this kind of thing seems very amusing to most of us, but there *is* I’m afraid some serious points to be made here.
Firstly, pranking about with road signs isn’t a smart idea – either for motorists who might need information, or for the hackers who were probably physically beside the sign when its message was changed.
Secondly, the control systems used to control electronic road signs are supposed to be kept under proper lock-and-key. Even if they are not physically secured, they should at least be electronically protected with a password to prevent unauthorised changes. I wouldn’t be surprised at all if the LA road workers had “protected” the device with a default password, or if there’s a piece of paper taped to the controller with the password scribbled onto it.
As many of us in the computer security world know, making your password easy to work out is never ever a good idea.
Sherlock’s Moriarty broadcasts his face and message to all advertising signs, tv stations, and even car GPS displays throughout the UK…
