It seems that the Los Angeles Department of transportation isn’t launching a bold new literacy campaign after all.
Instead, hackers – perhaps concerned that computers may be sounding the death knell for the old-fashioned book, and that the Twitter generation are unrepared to settle down with a hot mug of cocoa for more than 140 characters – amused themselves a few days ago placing a vulgar message on a downtown Los Angeles road sign.
— Daina Beth Solomon (@dainabethcita) January 9, 2015
Daina Beth Solomon, a student at USC Annenberg in Los Angeles, took the above photograph near Bunker Hill and suggested that some travellers might like to adopt it as a New Year’s resolution.
However, the people who should be resolving to do better are the companies who set up these electronic signs as there has been a long history of unauthorised meddling on such devices.
This is far from the first time that I’ve found myself reporting on sloppy security at roadworks allowing mischievous hackers to muck about with road sign messages.
Of course, this kind of thing seems very amusing to most of us, but there *is* I’m afraid some serious points to be made here.
Firstly, pranking about with road signs isn’t a smart idea – either for motorists who might need information, or for the hackers who were probably physically beside the sign when its message was changed.
Secondly, the control systems used to control electronic road signs are supposed to be kept under proper lock-and-key. Even if they are not physically secured, they should at least be electronically protected with a password to prevent unauthorised changes. I wouldn’t be surprised at all if the LA road workers had “protected” the device with a default password, or if there’s a piece of paper taped to the controller with the password scribbled onto it.
As many of us in the computer security world know, making your password easy to work out is never ever a good idea.
In case you were wondering, Traffic Management Incorporated, the company that owns the trailer-based sign, and the Los Angeles Department of transportation both acknowledged that the sign (and another close by) were hacked, and that their correct messages have now been restored.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.