{"id":620,"date":"2009-02-03T13:20:24","date_gmt":"2009-02-03T21:20:24","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/?p=620"},"modified":"2009-02-03T13:20:24","modified_gmt":"2009-02-03T21:20:24","slug":"current-event-zombies-ahead","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2009\/02\/03\/current-event-zombies-ahead\/","title":{"rendered":"Current Event: Zombies Ahead"},"content":{"rendered":"

According to a story on NBC Dallas-Fort Worth, someone hacked into an electronic roadsign system designed to notify motorists of upcoming hazards.\u00a0 <\/span>The system was altered to read \u201cCaution! Zombies! Ahead!!!\u201d\u00a0 <\/span>It also instructed motorists to run for cold climates and warned that \u201cthe end is near.\u201d\u00a0 <\/span>The story can be found here: <\/span>http:\/\/www.nbcdfw.com\/traffic_autos\/transit\/Zombies-Run-TxDOT-is-Not-Amused.html<\/span><\/a><\/p>\n

\u00a0<\/span><\/p>\n

<\/p>\n

The event arose as a prank.\u00a0 <\/span>The article states that a padlock was cut in order to gain access to relevant computers for the digital sign system, but no further details are provided on what security measures the digital system had in place.\u00a0 <\/span>Without these details one could only speculate what could have been done prior to the event to prevent the breach from occurring.\u00a0 <\/span>If weak or default passwords were used on any roadside equipment then that would be one area that could be easily changed to increase security.\u00a0 <\/span>The article also states that the signs were displaying the message for \u201ca few hours.\u201d\u00a0 <\/span>Some type of reporting system or monitoring system would have been able to detect\/report the change such that the incorrect message could have been corrected much faster.<\/span><\/p>\n

\u00a0<\/span><\/p>\n

While this particular breach was simply a humorous prank, there are certainly more significant implications to consider.\u00a0 <\/span>There are many such systems that the public relies on to convey accurate information.\u00a0 <\/span>If these systems are not secure, they could be used maliciously to convey information that is not as obviously false.\u00a0 <\/span>For example, if one hacked the digital signs on I5 to report \u201cExplosion on 520 bridge, bridge out, take alternate route,\u201d one could both cause havoc during a rush hour commute by rerouting a massive number of commuters as well as cause potential social panic regarding both the cause of the explosion and concern to anyone travelling that knew individuals that usually took the bridge around that time.\u00a0 <\/span>This is but one example, there are surely many other types of malicious and harmful information that could take advantage of the trust the public has in official information displays.<\/span><\/p>\n

\u00a0<\/span><\/p>\n

As such, this seems like an incident that while relatively harmless because of being humorous and obviously false, should prompt a review of any type of information display system that the public generally trusts to be accurate.\u00a0 <\/span>These systems should be secure, and a method of quickly detecting any changes to such systems and ensuring that all changes are accurate should be in place so that any possible future breaches could be realized immediately, not \u201cafter a few hours.\u201d<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

According to a story on NBC Dallas-Fort Worth, someone hacked into an electronic roadsign system designed to notify motorists of upcoming hazards.\u00a0 The system was altered to read \u201cCaution! Zombies! Ahead!!!\u201d\u00a0 It also instructed motorists to run for cold climates … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":116,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-620","post","type-post","status-publish","format-standard","hentry","category-current-events"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/620","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/116"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=620"}],"version-history":[{"count":5,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/620\/revisions"}],"predecessor-version":[{"id":625,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/620\/revisions\/625"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=620"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=620"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=620"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}