Apps

Hacked Miami road sign highlights password and physical security lapses

Vandals hacked a Miami-Dade county road sign to read "NO LATINOS." Better physical and password security could have prevented the attack.

Digital vandals changed an electronic traffic sign on the Palmetto Expressway in Northwest Miami-Dade county to read "NO LATINOS NO TACOS." According to NBCMiami.com, the sign was altered sometime early Tuesday morning. By 6 AM, the Florida Highway Patrol and a road crew were working to reset the sign's message and had turned the sign away from the road.

This isn't the first time someone has hacked the message on a highway sign. In January 2009, vandals in Austin, Texas changed a sign's message to read "ZOMBIES AHEAD."

Lax physical and poor password security

Both incidents should drive home the importance of two fundamental IT security measures--limiting physical access and changing a systems default administrative password.

According to I-hacked.com, road crews routinely fail to lock the access panel which protects a sign's control pad. And even though the pads are often password protected, many people leave the system's default admin password in place. And even if the password has been changed, digital miscreants may be able to reset the admin password back to the default with a few keystrokes.

Lax physical security, poor administration, and an easily resettable password made this highway signs an easy target.

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

67 comments
freaknout
freaknout

Common issue. Due to cost most of these units are rentals. On top of that there are generally only a couple of manufactures approved for use. Given the realities of the situation the passwords are all the same and never locked for practicality purposes. The odds of losing a key to a padlock are higher then any other problems. Therefore the whole issue is common. Basically if you know the default password as set by the manufacturer or by the rental company you can do what ever you want. To be honest Im really surprised it doesn't happen more often then it does. Oh and it is funny IMHO

PhotoEventos
PhotoEventos

Someone should hack it again and write OBAMA SUCKS

PhotoEventos
PhotoEventos

Someone should hack it again and write OBAMA SUCKS

CharlieSpencer
CharlieSpencer

'Digital vandals changed an electronic traffic sign on the Palmetto Expressway..." I've got my own highway!!!!! I'm somebody now!!!!! I'll bet Max and santee don't have their own highways.

Bill Detwiler
Bill Detwiler

Digital vandals changed an electronic traffic sign on the Palmetto Expressway in Northwest Miami-Dade county to read ?NO LATINOS NO TACOS.? Original post: http://blogs.techrepublic.com.com/itdojo/?p=1806 This incident highlights the importance of physical and password security on non-traditional computer systems. Is your organization's IT department directly responsible for securing such systems? If not, who is? Do you provide security training for those who are?

PhotoEventos
PhotoEventos

Yeah its funny when you arent a latinoamerican

Darryl~
Darryl~

a low life tech in Venezuela.

john3347
john3347

'Tis a shame that your highway must be 1000 miles away from you and limited to non-Latinos.

l_creech
l_creech

has his own city in southern California just east of San Diego. Turning into a pretty upper middle class area according to my baby sister.

SP Joe
SP Joe

Ever heard of Palmetto bugs?

JackOfAllTech
JackOfAllTech

In Brooklyn, Ohio off of Broadview Rd. just north of Brookpark Rd.

NickNielsen
NickNielsen

Max has a dance–the Max boogie–and Santee has a legal stipulation–the Santee Clause. :p

pjboyles
pjboyles

Often the issue is that the person who makes the final decision chooses.... poorly. Or even more often, IT has no input, influence or control over these types of items.

Dr_Zinj
Dr_Zinj

Obviously most of us are not physical security experts (except maybe some of us former military types); so we have to work with the security department (guards) and facilities and maintenance departments to plan and implement comprehensive physical security measures. This assumes you work at a company that is big enough to have these as separate departments. I worked for a small company several years ago as a network admin. Total of 4 people in I.S. and no security personnel. The company purchased a suite of 1st floor offices, and both my boss and I recommended to the CEO that they install bars across the windows as a security measure. We both were ignored and sure enough; about 2 months after they'd moved in, theives broke in, stole the computers and potentially gained access to all the information for several states that Medicare and Medicaid had on them. All the code keys, biometrics, and passwords in the world are virtually useless if the intruders can gain physical access to your systems.

bryantwalley
bryantwalley

Was anyone caught? How do they know that someone responsible for programming the sign didn't put the message on it?

JCitizen
JCitizen

all is fair in love and war.

mcbinder
mcbinder

You don't have to be a Republican to know the truth... Although sometimes it helps. mcb

mcbinder
mcbinder

Santee only hopes to someday make it to "class", much less "upper" or "middle". mcb San Diego

swaling
swaling

Natural Male suppliment- snake oil- for hair regrowth and prostate health- BTW- come on... it is funny- but maybe better placed on the Arizona/Mexico border.

Contradiction
Contradiction

just to show them that they have a problem with their security. Digital Vandals? What a name for a gang!

JCitizen
JCitizen

I swear I saw something like the Santee Cuttoff, up in Maine somewhere! :^0

Neon Samurai
Neon Samurai

.. but then, at least one user would have left an encryption passphrase laying around. May have protected the other machines though.

freaknout
freaknout

pretty obvious it was another construction worker with familiarity of the password and programing of the very likely rental unit. That and the content of the message really leans in that direction

AnsuGisalas
AnsuGisalas

Now I have that old WWII era song on my mind... "Theeere may be zoombies aheead..." You know, the one that was used in the Fallout game series too at one point.

Neon Samurai
Neon Samurai

If you look online there is at least one "top 10" list of vanalized signs. The plee for help is probably my favorite so far.

santeewelding
santeewelding

Is that the impressionable probably believed it, keeping a sharp eye out for lurching shapes.

GSG
GSG

someone gets hurt. Yes, it seems funny, but remember that those highway signs are there for a purpose. There's one that I pass on my way home from work that will warn of accidents ahead. It's a hilly region and without that sign, you could top a hill and be right on an accident with no way to stop. We've had a few emergency workers killed that way. Or even think about the inconvenience. What if there's a traffic jam ahead and it was supposed to warn you to take the next exit. Yep, real funny that some idiot has to get his jollies doing cr@p like this.

NickNielsen
NickNielsen

or fools of any persuasion, I will allow that you might be incapable of recognizing sarcasm.

JCitizen
JCitizen

his iron hammer "pen" (keyboard), has transcended all! And yes, the Santee Turnpike, has a nice ring to it! :)

santeewelding
santeewelding

In Santee to annex San Diego, enforce the payment of tribute, and to silence critics.

CharlieSpencer
CharlieSpencer

I though he was suggesting a location to grow saw palmetto. While I think jaime's reaction may have been stronger than justified, at least now I see what set him off. Daffy Duck, again: "Pronoun trouble!"

santeewelding
santeewelding

An attempt to see how the words appear in print by (his) own hand, specially the regal and capitalized, "Xenophobia". In the body of the post they appear in more subtle, adjectival form, as though by an attempt to drag out their import, unexplained and barren of any original analysis, the words alone a slap. What [b]jaime[/b] may not see is that both words -- used unconditionally and without restriction -- partition all humanity into two camps: Us and Them. No surprise to which camp [b]jaime[/b] ostensibly and unthinkingly belongs.

jaime_omh
jaime_omh

That is a racist and xenophobic joke, as well as your post.

pschulan
pschulan

It's good for cockroaches too. Ever seen a Palmetto bug? Those things are 3 inches long and they fly. Flying cockroaches. Think of the possibilities!

frances
frances

those lawyers didn't get all litigious on the "curious student"!

robhuck
robhuck

A few years back while I was in college class we were going over MS RDP. We were looking at the TSWEB functionality and doing a google search to see how easy it was to find it. One of my class mates tried 'admin' and 'admin' for a username and passowrd and he got into a lawyers office server. It was some pretty interesting stuff. To show them about their security issue he installed 3 of their network printers on his computer and printed a message about how he got in and what credentials were used and why they needed to tighten their security. There was a LOT of confidential information right at our fingertips. It's a good thing it was just a curious student and not a malicous attacker.

jdriggers
jdriggers

I live a short drive from the lake and canal. That Santees got it all. Great fishing or lying around roasting in the sun. Palmettos got him beat with a flag, tree, now Highway,state, the list goes on. All I have is a county!

boomchuck1
boomchuck1

When I was living in Key West I was told that your neighbor might have cockroaches, but you have Palmetto bugs.

NickNielsen
NickNielsen

or an SC native. I'd forgotten all about the lake.

CharlieSpencer
CharlieSpencer

A town, outlet mall, dam, and lake with fishing tournament.

Rick_from_BC
Rick_from_BC

yelling at his wife's lawyer to "get off my financial statement!"

boomchuck1
boomchuck1

Oh, I recall rearranging the letters on a reader board outside a business once. No password needed for that! And for me 50 is getting pretty distant in the rearview mirror.

freaknout
freaknout

The standard message systems are not the same as the portable message signs. Whole different deal. The portables are solely self contained and have to be programed manually at the unit. The time message systems are networked and controlled by you SHA/DOT's. As far as messages, speaking for a temp maintenance traffic control standpoint these VMS (variable message signs) units are only supposed to be used sparingly and never over 14 days in one location. Otherwise FHWA studies show they are pretty much ignored anyway. Truth of the matter as DOT's keeping using them all the time they become more and more useless.

johnmckay
johnmckay

You're supposed to be bright enough to drive safely. That means slowing down when you can't see what's ahead, and maybe even thinking as you drive. Most of us can foresee danger, and adjust from 100mph to 70 on bends, and jeez, 50 if that's as far as we can see. Come on... most of the signs I see tell me zippo about live traffic. No excuses for these guys being dumb and racist, and outright cheeky.... but you can't accuse them of killing traffic workers. That's a step way to far ! Drivers kill folk, drivers crash, drivers drive too fast for the conditions (that includes me, I've done enough dumb ass things and been fortunate not to hurt someone)... tampering with signs is NO excuse for us, or you, being dumb and dangerous.

Darryl~
Darryl~

I haven't seen any of those around here....but our traffic is pretty light in Nova Scotia...at worst, you might get delayed 15 or 20 minutes if they're doing road work during rush hour.....I like it here because of that....I don't like sitting in traffic at all.

AnsuGisalas
AnsuGisalas

"You d@mn kids! Get off my internet!"

NickNielsen
NickNielsen

You Aussies just got behind road trains and let them plow the way. BTW, your apostrophe should move from its current location to where you don't have one.

KeithAu001
KeithAu001

Yes I agree that the signs are there for a purpose, including of dire warnings. However, if you know the road and it's faults, then drive accordingly, slow the hell down, blind corners and hills need to be navigated properly. If you do not know the road, then err on the side of caution, well thats how we do it in Australia anyway. We dont need signs if we are cautious!!

NickNielsen
NickNielsen

And I don't have any problem ignoring them when they say "Click it or ticket" or "Buckle up, it's the law." (I don't ignore the law, just the signs.) :D In the last year, they've started using the overhead and roadside signs in the Columbia area to provide estimated drive times, much as they do in larger cities.

Darryl~
Darryl~

ones around here....they're mostly for "severe weather ahead" or for accidents, construction, that type of thing....I suspect with the amount of driving you do, you'd find these signs very useful at times....moreso than most.

Al_nyc
Al_nyc

Half the time those signs are unnecessary annoyances. They have stupid messages like "click it or ticket". In this instance the message was stupid but the idea was funny.

NickNielsen
NickNielsen

When he does it, I can hear him 15 miles away. :D

GSG
GSG

Zombies ahead, and No Latinos No Tacos is ridiculous, but the point is that these signs have been hacked and it is a safety issue. Maybe I'm showing my age (40 is firmly in the rearview mirror), but I caught myself thinking, as I read the original story, "Those d@mn kids. We didn't do stuff like this in my day." Next thing you know, I'll be coming out my front door yelling at the neighborhood kids to get off my lawn.

santeewelding
santeewelding

Half of what you see and, none of what you read. It's called suspension of belief. Pays even here, on TR.

Editor's Picks