Security experts have discovered a new flaw in Daktronics’ Vanguard software which could be remotely exploited by hackers to hack electronic road signs.
A week ago, it was reported that Daktronics’ Vanguard dynamic highway message sign (DMS) configuration software contain hard-coded default credentials, but the company remarked that this is not a security issue because credentials could be changed by the organization that manage Daktronics’ Vanguard application.
The Department of Homeland Security’s Industrial Control System Cyber Emergency Response Team (ICS-CERT) has issued a specific alert on the vulnerability discovered in Daktronics’ Vanguard software.
“ICS-CERT is aware of a public report of a hardcoded password vulnerability affecting Daktronics Vanguard highway dynamic message sign (DMS) configuration software. According to this report, the vulnerability is a hardcoded password that could allow unauthorized access to the highway sign. This report was reported to ICS-CERT by the Federal Highway” states the ICS-CERT alert.
The ICS-CERT revealed the existence of a proof-of-concept attack online that can be followed by bad actors to remotely modify sign messaging. The Emergency Response Team suggests to those in control of signs running the affected Daktronics’ Vanguard dynamic highway message sign (DMS) configuration software to “review sign messaging, update access credentials, and harden communication paths to the signs.”
Daktronics and the Federal Highway Administration provided the following recommendations:
ICS-CERT suggest organizations to perform risk assessment prior to taking defensive measures, and of course to report to ICS-CERT any anomalous activities to their systems.
Yesterday I published another interesting post on the alert provided by ICS-CERT related to risks of cyber attacks to ICS systems exposed on-line, the number of cyber attacks is increasing and problems like the one discovered in Daktronics’ Vanguard could be exploited by attackers to cause serious problems and harm Homeland security.
(Security Affairs – ICS-CERT, Daktronics)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.