The Dumbest Hack of the Year Exposed a Very Real Problem
"Fnord666" writes:
The Dumbest Hack of the Year Exposed a Very Real Problem:
In the wee hours of the night last April, someone stopped at roughly 20 street intersections across Silicon Valley and launched an unprecedented cyberattack that would eventually spread to multiple states, embarrassing local officials and prompting them to question their security practices. Authorities suspect the unknown culprit took advantage of weak and publicly available default passwords to wirelessly upload custom recordings that played whenever a pedestrian pressed a crosswalk button.
Instead of the normal recordings telling people to either wait or cross the street, pedestrians heard the spoofed voices of billionaire tech CEOs. A fake Mark Zuckerberg said at one Menlo Park intersection that people would not be able to stop AI from "forcefully" being inserted "into every facet of your conscious experience." At another, he celebrated "undermining democracy." At a different intersection, an altered Elon Musk described President Donald Trump as "actually really sweet and tender and loving," while on a nearby street his faked voice whined about being "so alone."
Government emails and text messages obtained by WIRED through public records requests show how the cities of Menlo Park, Redwood City, Palo Alto, and later Seattle and Denver scrambled to respond to the crosswalk button tampering. The communications, along with interviews with security experts and former employees of the button manufacturer, highlight how governments and the company had overlooked vulnerabilities in a widespread technology.
In Redwood City, then-city manager Melissa Diaz quizzed staff about who should be blamed for the incident. "We need to understand who should be accountable for the security of these systems and what we can do to hold either staff or the external responsible party accountable," she wrote in an email to colleagues in the days after the hack.
Nick Mathiowdis, Redwood City's current communications manager, tells WIRED that staff have been addressing the issue based on "lessons learned and evolving best practices," but declines to share details to avoid encouraging further hacks.
Read more of this story at SoylentNews.