Wanco News
- “Zombies Ahead” a Serious Matter
-
February 25, 2009 – Recent news reports have detailed the “hacking” of variable message signs in Texas and elsewhere. Persons unknown have changed messages from legitimate alerts about road construction and traffic conditions to farcical messages, such as “Zombies Ahead.”
These incidents have caused concern for motorists, traffic control companies and DOT personnel.
Preliminary research indicates these events are not the result of hackers using technologically advanced methods to “crack”computer code. Nor, it seems, are vandals breaking into locked control boxes.
Rather, evidence suggests that ordinary citizens with means and personal motives are finding security passwords readily available, either at the signs or on the Internet, and control panels freely accessible. Intuitive controls and operating instructions located inside control boxes make it easy for almost anyone to change the message on the electronic signs.
In an effort to reassure owners and operators of Wanco message signs, and help ensure the safety of motorists, we offer the following guidelines to prevent tampering with our equipment.
Safeguard the controls
Wanco control boxes are tamper resistant, with a three-point latch/locking handle assembly that resists attempts to pry open the cover. The control panel keyboard can be detached and removed.
• Detach and remove the keyboard whenever you are not working on or programming the unit.
• Lock the control box and store keys safely away from the equipment. Keys hidden nearby WILL be found by someone who shouldn’t have them.
• Have a lock shop mark all keys (except the master) “DO NOT COPY.” No legitimate lock shop will copy a key with this mark. Keep the master in a safe, secure location.
Change passwords
The Wanco control panel provides quick access to password management.
• Periodically change the passwords on all message signs. Old passwords have been shared and shared again, and you don’t know who has them.
• Do not write passwords inside the control box, or anywhere on or near the equipment. THIS IS A LEADING CAUSE of variable message sign abuse.
• Avoid using common phrases or obvious words for passwords. A great password contains capital and lower-case letters, numbers, and special characters (& # @ $ * and so on).
• After receiving a new message sign from the factory, change all of its default passwords.
Know your people
• Maintain a list of employees who have access to each unit. In some cases, employees have been known to access message signs without authorization.
• If you suspect an unauthorized person has access, take the measures above to secure the signs.
Discussions among technical experts at Wanco have raised an additional concern not previously mentioned in the mass media. It is possible, however unlikely, that current or former employees of a company that owns or operates a variable message sign may have the ability to remotely access equipment using wireless connectivity. Unauthorized access via remote communication is possible with some message sign models.
While this may be of concern to some, Wanco does not believe this to be a probable method of tampering. Successful remote access requires several pieces of information not known or available to most people. Moreover, maintaining and changing passwords at the units will successfully prevent this type of access. We have not been informed of a single occurrence of remote-access vandalism.
Wanco provides the easiest programming in the industry for the benefit of our customers. We also provide methods for securing our equipment. With proper security measures in place, tampering by the average citizen is more difficult and therefore less likely; and vandalism with malicious intent is kept to a minimum.
For more information on Wanco Variable Message Signs and the rest of our products, call Wanco Customer Support at 1-800-972-0755.
This article has been modified since originally posted.
