Flaw Lets Hackers Control Electronic Highway Billboards

Aliya Sternstein | Nextgov.com | June 5, 2014

The Homeland Security Department is cautioning transportation operators about a security hole in some electronic freeway billboards that could let hackers display bogus warnings to drivers.

"The vulnerability is a hard-coded password that could allow unauthorized access to the highway sign," DHS officials said in an alert on Wednesday. [See update below.] Hard-coded passwords, sometimes called back doors, are default logins that software developers code into their programs. The vulnerability was identified in Daktronics Vanguard highway notification sign configuration software, officials said.

A "proof of concept" method to exploit the flaw has been made available, DHS officials warned. The Federal Highway Administration informed DHS of a public report of the vulnerability, Homeland Security officials said. Officials have notified the vendor to confirm the issue and figure out a fix. In the meantime, they are recommending users "review sign messaging," update passwords and secure communication paths to the signs...