A Prank Involved Crosswalk Buttons and Fake Quotes from Mark Zuckerberg. It’s a Crucial Lesson in Cybersecurity

The hack is a reminder that everyday infrastructure can be vulnerable to hackers—and that using ‘1234’ as a password is always a bad idea.

BY CHLOE AIELLO, REPORTER @CHLOBO_ILO

Imagine pushing the crosswalk button as you wait to cross the street at an intersection. But instead of the standard, “wait,” you hear Meta CEO Mark Zuckerberg launch into a tirade about AI, or Elon Musk praising President Donald Trump.

That is exactly what happened last April after hackers exploited weak security to upload custom and fake messaging to the systems. 

“It’s normal to feel uncomfortable or even violated as we forcefully insert AI into every facet of your conscious experience. And I just want to assure you, you don’t need to worry, because there’s absolutely nothing you can do to stop it,” says one audio recording, posted by Palo Alto Online last April, in which the speaker introduces himself as Mark Zuckerberg, or “the Zuck.”

Another recording that sounded like Zuck spoke of “undermining democracy” and “making the world less safe for trans people.” And one of the ones that was intended to sound like Musk said, “you don’t know the level of depravity I would stoop to just for a crumb of approval,” according to Palo Alto Online. Another hacked crosswalk button in Seattle featured a voice that was meant to be Amazon founder Jeff Bezos begging to avoid taxes on the rich, KOMO News reported.

How Anthropic's Claude AI Became a Co-Founder

Crosswalks across Silicon Valley including in Menlo Park, Palo Alto, and Redwood City were affected, as were some crosswalks in Denver and Seattle, albeit later, according to a recent report from Wired. The publication noted that officials across the localities were scrambling in the aftermath to piece together how security vulnerabilities had been overlooked. Although news about cybersecurity typically involves financial exploitation or data hacks, this particular situation serves as a reminder that even everyday gadgets and systems can be vulnerable without proper protections.

One former Federal Highway Administration official told Wired that local governments don’t always put detailed cybersecurity protocols into supplier contracts, instead relying on “reasonable diligence and best judgment,” at least in the case of one Redwood City contract. Polara, a leading supplier of crosswalk buttons that is owned by Synapse ITS, meanwhile, told Wired that some buttons come with the option for officials to customize the messaging using an app and Bluetooth. The app is publicly available and the buttons come with a default password of “1234,” which presents a clear security issue if local authorities neglect to change the code or pick a complex alternative.

As it happens, as recently as March, someone adjusted the messaging at intersections in Denver to say various anti-Trump messages, alongside instructions about whether it was safe to cross. Wired reported that the default password had still been in place on those buttons.

© Inc.com