ICS-CERT warns of possible hack of road signs controlled by Daktronics Vanguard software

Pierluigi Paganini June 10, 2014

ICS-CERT issued an alert for the presence of a hardcoded password flaw in Daktronics Vanguard highway dynamic message sign (DMS) configuration software.

Security experts have discovered a new flaw in Daktronics’ Vanguard software which could be remotely exploited by hackers to hack electronic road signs.

A week ago, it was reported that Daktronics’ Vanguard dynamic highway message sign (DMS) configuration software contain hard-coded default credentials, but the company remarked that this is not a security issue because credentials could be changed by the organization that manage Daktronics’ Vanguard application.

The Department of Homeland Security’s Industrial Control System Cyber Emergency Response Team (ICS-CERT) has issued a specific alert on the vulnerability discovered in Daktronics’ Vanguard software.

“ICS-CERT is aware of a public report of a hardcoded password vulnerability affecting Daktronics Vanguard highway dynamic message sign (DMS) configuration software. According to this report, the vulnerability is a hardcoded password that could allow unauthorized access to the highway sign. This report was reported to ICS-CERT by the Federal Highway” states the ICS-CERT alert.

The ICS-CERT revealed the existence of a proof-of-concept attack online that can be followed by bad actors to remotely modify sign messaging. The Emergency Response Team suggests to those in control of signs running the affected Daktronics’ Vanguard dynamic highway message sign (DMS) configuration software to “review sign messaging, update access credentials, and harden communication paths to the signs.”

ICS-CERT road sign 1

Daktronics and the Federal Highway Administration provided the following recommendations:

  • Minimize network exposure for all control system devices and/or systems, and ensure that they are not accessible from the Internet.
  • Locate system networks and devices behind firewalls, and isolate them from the business network.
  • When remote access is required, use secure methods, such as Virtual Private Networks (VPNs), recognizing that VPNs may have vulnerabilities and should be updated to the most current version available. Also recognize that VPN is only as secure as the connected devices.

ICS-CERT suggest organizations to perform risk assessment prior to taking defensive measures, and of course to report to ICS-CERT any anomalous activities to their systems.

Yesterday I published another interesting post on the alert provided by ICS-CERT related to risks of cyber attacks to ICS systems exposed on-line, the number of cyber attacks is increasing and problems like the one discovered in Daktronics’ Vanguard could be exploited by attackers to cause serious problems and harm Homeland security.

Pierluigi Paganini

(Security Affairs –  ICS-CERT,  Daktronics)



you might also like

leave a comment