Sign in with
Sign up | Sign in

Hacking an Electronic Highway Sign is Way Too Easy

By - Source: Tom's Guide US | B 9 comments
Tags :

Credit: @ISUN_HACKERCredit: @ISUN_HACKER

You know those electric highway signs that often display annoying but important messages about upcoming traffic concerns? They're called dynamic message signs, and a certain brand of them is as easy to hack as changing lanes on the highway. 

According to an alert from the US Department of Homeland Security, the dynamic message signs by Brookings, South Dakota-based company Daktronics Vanguard all come with the same default password, and they can be accessed remotely over a network connection. That's the digital equivalent of locking your front door but leaving the key in the lock.

MORE: Best Antivirus Software 2014

Daktronics Vanguard says these passwords can and should be reset, so at least the signs aren't stuck with their default passwords. So it's on the signs' operators, such as state Departments of Transportation, to change the password.

Prank hacks of these highway signs happen all the time. Last week, three different North Carolina highway signs were hacked and reprogrammed to display the message "Hack by Sun Hacker."

On Twitter, a user who appears to be the same Sun Hacker described the method: "Change the lan of VPN to INTERNET protocol. Scan all the range of the IP on port 23. Bruteforce the password. Add your message."

Basically, this amounts to switching the signs from a virtual private network (VPN), an ostensibly secure connection separate from the general Internet, to a more accessible Internet protocol, then locating the sign's unique IP address. "Bruteforce" refers to a technique hackers use to crack passwords by writing a (fairly simple) program that automatically tries every single combination of letters and numbers, starting with the simplest and escalating in complexity. A password like "1234" can be cracked within seconds by a basic "bruteforce" attack.

In other words, what Sun Hacker and his or her ilk do is pretty basic. "Near as I can tell, Sun Hacker is an unremarkable script kiddie who enjoys defacing Web sites," wrote independent security expert Brian Krebs on his blog.

As evinced by Department of Homeland Security is getting involved, it follows that more malicious hackers could do more damage than a harmless prank with this vulnerability as well.

Email jscharr@tomsguide.com or follow her @JillScharr and Google+.  Follow us @TomsGuide, on Facebook and on Google+.

Add your comment Display 9 Comments.
  • 0 Hide
    pills161 , June 6, 2014 9:43 AM
    Sun Hacker has absolutely no life, he/she needs to go find a real job.
  • 5 Hide
    JohnnyBloomington , June 6, 2014 10:55 AM
    Sun Hacker brought awareness to poor/lazy state DOT.
  • 3 Hide
    WyomingKnott , June 6, 2014 12:53 PM
    Imagine "Speed limit 95. Please drive on the left-hand side." Must be terrorists.
  • 0 Hide
    coolitic , June 6, 2014 2:11 PM
    Sun hackers is an idiot, and so are the guys who make these signs.
  • 5 Hide
    JOSHSKORN , June 6, 2014 4:03 PM
    The combination is 1-2-3-4-5. That's the stupidest combination I've ever heard in my life. That's the kind of thing an idiot would have on his luggage!
  • 0 Hide
    mamasan2000 , June 6, 2014 4:26 PM
    The signs need to get a life! Spouting nonsense!
  • 1 Hide
    Someone Somewhere , June 6, 2014 9:39 PM
    Your honour, I was not speeding. I was perfectly within 200km/h. Look at the speed signs yourself.
  • 0 Hide
    reactive , June 9, 2014 5:07 AM
    The signs here in the UK are usually so ridiculous that they deserve to be hacked, just to amuse drivers. "FOG" they say when it's mildly foggy; "POOR DRIVING CONDITIONS" when it's raining; or "LOW SUN" when the sun is in your face and you can hardly read the sign anyway. And in Wales (stuck on the left side of England), every other sign on the M4 is in the Welsh language... which about 5% of the local population could actually understand or care to read... so making half the signs *totally* meaningless to about 97% of the road users (including foreign drivers)! How's that for stupid?
  • 0 Hide
    jhansonxi , June 9, 2014 7:43 AM
    I worked for a different company that made similar signs. Their security wasn't much better. These signs are generally custom-made for government contracts. The requirements often mandate ridiculous things because some bureaucrat though it made themselves look knowledgeable, while ignoring really critical aspects like safety and security. Some requirements are made specifically to fit one vendor's existing product line to help them underbid competitors.
React To This Article

Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter