Michael R. Farnum

Hitting the Security Nerve

Default passwords on road signs in Austin

I lamented a while back on my personal blog about default passwords.  It was inspired by a client who had us doing a security assessment.  We found a default password on the device that aggregated all of their Internet connections (argh).

And now Austin, TX, is feeling the same pain on default passwords, but it is not on anything like their Internet connection.  No, their problem is with road signs.  Yep, you read that right - road signs.  Here's the story.  Fox News is reporting "that a portable traffic sign at Lamar Boulevard and West 15th Street, near the University of Texas at Austin, was hacked into during the early hours of Jan. 19."  The jokesters changed the sign to read "Zombies Ahead".  The article quotes a post at i-hacked.com about how to hack the signs (Computerworld, i-hacked, and I do not condone the illegal hacking of anything, and that includes street signs) and also quotes the sign manufacturing company as saying that the signs are "tamper-resistant and equipped with external locks."  But as the story says, "the signs can be easily altered because their instrument panels are frequently left unlocked and their default passwords are not changed."

Now on the surface, this is pretty funny.  Yes, it can be dangerous, but it is still funny.  But the point is that default passwords are still a problem with even security and network professionals.  What do you expect from people who deploy road signs?  I am not saying road crews are stupid.  I am saying that they are not thinking that someone is going to hack their signs.  That is just not their main focus. 

So will the sign manufacturers do anything to make them more secure?  Probably not.  This is simply a low-risk problem.  Not many people are going to jack with the signs, so the incidents are going to be low.  And if they try to complicate the security, they might make things difficult and less efficient for road crews (imagine having to maintain a password list for all the road signs in your city - they would probably end up writing the password in permanent marker on the inside panel anyway).  Of course, if someone gets hurt or killed because of this and families sue, then things will change.  But like always, it takes a serious incident to get anyone to do anything.  Unfortunate, but true.

What People Are Saying

Hacked Road Sign in Marin County, CA

After the .com bust I drove a public transit bus for a few years. One day driving on Highway 1 North from Mill Valley, CA, there was a road sign that was hacked to display all the lyrics to "Holiday in Cambodia" by the Dead Kennedys. Now that was funny. Unfortunately, most of my passengers were teenagers who were too young to know Dead Kennedys lyrics and appreciate them.

Home routers

For home users, I strongly suggest they change the default router password, write the userid/password on a piece of paper and tape the paper to the router itself. Simple and secure.

That is not security!!!

Michael,

Are you kidding? That is as bad as a user at a company having their user credentials on a sticky note on their keyboard or monitor or not even changing the defaults! Shame on you for suggesting such a lame measure.

Defaults must be changed. While I am not saying these items should not be written down somewhere and kept safe, they should not be attached to the router. That is just a horrendous security practice - even for home users.

I look for proper locations to secure hints in the environment, but NOT attached to the item I am trying to secure for any of my clients.

If the device was in a

If the device was in a business I would say you are correct... but in a home I don't think it is an issue to put the password with the router. The user is much more likely to use a "secure" password as a result and as the other poster said if someone gets in your house it is a much bigger issue. Resetting the router password to defaults would be a pinch of course... Or just pop a usb pen drive in the nearest windows box with ready to install spyware, viruses, trojans, etc.

Actually, it's pretty good

Actually, it's pretty good simple practice to put the password on the home router. This way, you can change the password without having to worry about forgetting it.
An attacker will have a much harder time getting into my router remotely.
If an attacker is physically in my home, then knowing the password to my router is no longer relevant. They can simply plug directly into my pc, log on to the console or just unplug it and walk away with it.

Even Worse

Even worse, if the password has been changed, it's a simple matter of entering a special key combination to reset it back to the default password.

A vital role in society

It takes hackers to get the important news out!

Important news?

Come on, if you don't already have a Zombie Survival Plan, the warning a road sign can give you is too little, too late.