The U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is warning of a password vulnerability affecting Daktronics' configuration software for highway signs.
While an initial report contended that the software's passwords were hardcoded, Daktronics says the software comes with a default password that can be changed.
- Displays should not be on publicly accessible IP addresses. Placing a display on a private network or VPN helps mitigate the lack of security,
- Disable the telnet, webpage, and web LCD interfaces when not needed, and
- Change the default password to a strong password as soon as possible on all installed devices.
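
The three mitigations listed above can be checked against an asset inventory of installed displays. The following Python is an added example, not code from ICS-CERT or Daktronics; the record fields (`ip`, `enabled`, `needed`, `default_password`), the interface labels and the sample inventory are assumptions constructed for illustration.

```python
import ipaddress

# Private, loopback and link-local ranges; anything else is treated as public.
NON_PUBLIC_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]

# Interfaces named in the mitigation list (label spellings are assumptions).
RISKY_INTERFACES = {"telnet", "webpage", "web_lcd"}


def audit_display(record):
    """Return the mitigation findings for one inventory record."""
    findings = []
    try:
        addr = ipaddress.ip_address(record["ip"])
    except ValueError:
        findings.append("unparseable IP address")
    else:
        if not any(addr in net for net in NON_PUBLIC_NETS):
            findings.append("publicly accessible IP address")
    # Flag listed interfaces that are enabled without a recorded need.
    unneeded = (set(record["enabled"]) & RISKY_INTERFACES) - set(record["needed"])
    for name in sorted(unneeded):
        findings.append(name + " interface enabled but not needed")
    if record["default_password"]:
        findings.append("default password still set")
    return findings


def audit_inventory(inventory):
    """Map each non-compliant display name to its findings."""
    audited = {name: audit_display(rec) for name, rec in inventory.items()}
    return {name: f for name, f in audited.items() if f}


# Constructed sample; 203.0.113.0/24 (documentation range) stands in for a public IP.
SAMPLE_INVENTORY = {
    "sign-a": {"ip": "203.0.113.20", "enabled": ["telnet", "webpage"],
               "needed": [], "default_password": True},
    "sign-b": {"ip": "10.20.0.15", "enabled": ["webpage"],
               "needed": ["webpage"], "default_password": False},
    "sign-c": {"ip": "192.168.4.7", "enabled": ["web_lcd"],
               "needed": [], "default_password": False},
}

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(name, "->", "; ".join(findings))
```
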
The most recent examples of this type of breach were road signs in North Carolina that were altered to read, "Hack By Sun Hacker," and a highway sign in San Francisco that warned "Gozilla Attack! Turn Back." Still, these types of attacks have been happening for a while -- in a similar incident in 2011, a Colorado road sign was changed to warn, "Zombies Ahead," and another in 2012 warned, "Warning Daleks Ahead."