Flaw Lets Hackers Control Electronic Highway Billboards

[InfoSec News <alerts () infosecnews org>]

http://www.nextgov.com/cybersecurity/2014/06/flaw-lets-hackers-control-electronic-highway-billboards/85849/

By Aliya Sternstein
Nextgov.com
June 5, 2014

The Homeland Security Department is cautioning transportation operators 
about a security hole in some electronic freeway billboards that could let 
hackers display bogus warnings to drivers.

"The vulnerability is a hard-coded password that could allow unauthorized 
access to the highway sign," DHS officials said in an alert on Wednesday. 
Hard-coded passwords, sometimes called back doors, are default logins that 
software developers code into their programs. The vulnerability was 
identified in Daktronics Vanguard highway notification sign configuration 
software, officials said.

A "proof of concept" method to exploit the flaw has been made available, 
DHS officials warned. The Federal Highway Administration informed DHS of a 
public report of the vulnerability, Homeland Security officials said.

Officials have notified the vendor to confirm the issue and figure out a 
fix. In the meantime, they are recommending users "review sign messaging," 
update passwords and secure communication paths to the signs.

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/