Hackers manipulated the traffic signal system and flashed ‘Godzilla Attack’ in San Francisco.
Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the US Department of Homeland Security has called for strengthening the traffic systems after hackers manipulated the traffic signal system and flashed ‘Godzilla Attack’ in San Francisco.
ICS-CERT has warned cities, highway operators and users of digital-sign maker Daktronics to take adequate measures to prevent recurrence of such incidents.
Last month, hackers manipulated the traffic system at San Francisco’s Van Ness Ave to flash a message, "Godzilla Attack! Turn Back", while last week hacker manipulated the highway signs across North Carolina flashing message, "Hack by Sun Hacker."
A warning from ICS-CERT recommends entities to review sign messaging, update access credentials, and harden communication paths to the signs.
Daktronics representative Jody Huntimer told Reuters, "We are working with the ICS-CERT team to clarify the current alert and will release a statement once we have assessed the situation and developed customer recommendations."
ICS-CERT is currently coordinating with the Daktronics and the Federal Highway Administration (FHA) fix any vulnerability in the systems.
As a security measure, Daktronics and the FHA have recommend traffic displays should not be on publicly accessible IP addresses.
It also suggest that brining a display to a private network or VPN help in improving security, while suggesting agencies to disable the telnet, webpage, and web LCD interfaces when not needed.
ICS-CERT is also suggesting changing the default passwords and creating stronger passwords in all the installed system to prevent manipulation.
Earlier in May, security researcher company IOActive had warned that hackers have the ability to take over entire cities’ traffic light systems.
The researchers claimed that the traffic control systems of major US cities are at the mercy of hackers, who can create traffic snarls by sending vehicles in the wrong direction.
According to IOActive security researcher Cesar Cerrudo, the vulnerable system is Sensys Networks’ VDS240 wireless vehicle detection systems, which have been installed in major US cities and countries.