Skip to content
Naked Security Naked Security

Man hacks highway sign to read “Drive Crazy Yall”

It should have been a "construction ahead" warning, and the electronic sign should have been secured with a less guessable password!

A Texas man has admitted to guessing at what must have been a forehead-slapper of an easy login for a highway sign, changing what should have been a “construction ahead” warning to “Drive Crazy Yall.”

Somebody who lived nearby flagged down an off-duty deputy on Sunday and told him that they’d seen a dogwalker fiddle with a warning about road construction on the electronic message board, according to an arrest affidavit seen by the Austin American-Statesman.

Geoffrey Eltgroth, 26, of Leander, Texas, was walking his dog along a road, about 25 miles north of Austin, on Sunday.

The affidavit said that he admitted to having typed “‘Drive Crazy Yall’” to display on the board. The deputy found Eltgroth walking behind a gas station and confronted him about changing the sign.

According to the affidavit, Eltgroth “admitted to typing in a user name and password (which he guessed) for the sign and to deleting the message to warn traffic of upcoming construction and typing the different message because he believed it was humorous.”

On Sunday, Eltgroth was charged with criminal mischief: tampering with transportation communication equipment. That’s a third-degree felony, punishable by up to 10 years in prison, though maximum sentences are rarely imposed.

Eltgroth was in jail as of Monday.

We’re going to assume that Eltgroth didn’t have sophisticated password-cracking instrumentation wired into a doggie leash, which suggests that the highway sign was protected with one hell of a rubbish password.

Well, that’s not surprising. Analysis of leaked LinkedIn logins on sale for 5 BTC last week shows that people still use garbage passwords.

True, the dataset appears to be the same one – only much, much bigger – than that from LinkedIn’s 2012 breach. And yes, we already knew that those 4-year-old passwords were bad, given that they were cracked within hours of the 2012 breach.

But even after 4 years, some of those LinkedIn users still hadn’t changed their bad passwords.

And when it comes to highway signage, well, if those electronic signs are anything like baby monitors, home surveillance systems, or any other internet-enabled camera, we know it probably has a default password.

Not that we would ever advise anybody to commit a third-degree felony, mind you, but maybe that sign should have been changed to read “PLEASE CHANGE MY DEFAULT PASSWORD!!”

10 Comments

No crime was committed the new warning was probably more effective. Only a police state would consider it a crime.

That happened here in Santa Rosa CA a few years ago. Bight idea construction workers had written the password right on control box for the message sign.

Someone posted in the comments of the story:
“I work for another city, and in my experience, the password is always left as the default (included in the manual) and the manual is usually kept in the control cabinet. Also, the manual is usually available online. Usually the control cabinet is secured with a pad lock. Now if the message board had wifi access enabled, that was just irresponsible. If anything he should be given community service, and this should be a lesson for everyone to evaluate their procedures and the security of their message boards.”

Yep leaving the default password is ok, but leaving Wifi enabled is just plain irresponsible.

Naturally I hope no one was hurt. But this is a bit funny.

This is not as humorous as Daleks (/2012/05/25/dalek-invasion-hacked-road-sign), but I still find it amusing. If no one was hurt, can we idealistically hope someone learned a valuable security lesson and that this guy receives a small fine and a warning?

In Massachusetts last summer, many of these roadside warning signs in construction zones on the Mass Pike (I-90) had messages urging motorists to vote for Boston Red Sox player Xander Bogarts for the MLB All Star Game. What kind of jail time did Turnpike officials get for that?

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?