Video The pedestrian crossings in various American cities were diverted during last week – rather than saying robotically to the people he is sure to walk or wait – rather emit the adoption voices of Jeff Bezos, Elon Musk and Mark Zuckerberg.
And it is likely that all this thanks to a freely available service application and poorly secure equipment.
In Seattle this week, some pedestrian crossings began to play messages generated by AI, the Jeff Bezos technology magnate. In a video clip, a synthetic voice of Bezos can be heard of the push button box, and claiming that the crossing is sponsored by Amazon Prime.
Then, he turned into the parody that has become social comments: “You know, please do not tax the rich, otherwise all the other billionaires will also move to Florida. Would it not be terrible that all the rich leave Seattle or must be Lugi, then normal people could afford to live here?”
On the one hand, it is an old -fashioned hacker, and on the other hand, it is a nuisance for certain walkers, in particular the visually impaired pedestrians who count on audio clues to know when he is sure to cross. The city government is not delighted either: to repair the falsified buttons is to eat time for the staff who could have passed elsewhere.
“We take this question seriously and work as quickly as possible to answer the situation,” the people of the Ministry of Transport from Seattle in The Press. “We also work with our supplier to explore stronger safety measures to prevent future hacking.”
It’s not just Seattle. Similar hacks have been spotted, or rather heard, in Silicon Valley, where pedestrian crossings have been designed to bring out voices generated by a-imitant Mark Zuckerberg, Elon Musk and Donald Trump saying to the Spacex oligarch of “Back to bed”. A recording for YouTube of the Crosswalk Bijackings is integrated below.
YouTube video
The generation of Deepfakes is easy today, and technology is only improving. The one behind the pranks will probably continue. We believe that it is possible to use a mobile application which was free and public to the manufacturer of crossing equipment for the configuration of the equipment.
Now that the manufacturer has drawn this software from the Android and official iOS application stores, The register Can reveal responsible for how the trick was made. Or how we are almost sure that it was removed.
Easy to 1234
Pirared pedestrian crossings all seem to come from a common source: Polara, the main American manufacturer of pedestrian signal systems. When you work properly, signals generally say things like “wait”, “walk” or “walking light is on”.
Hundreds of thousands of these devices are deployed across the country, installed and maintained by governments and municipal entrepreneurs. The equipment is designed to be simple and durable, while the software that controls it is an accessible basic industrial system via Bluetooth.
All this can be managed using the Polarra Field Service application, which was until recently available for free on Google Play and Apple App Store. Unsurprisingly, it is now withdrawn from the two platforms – almost certainly in response to the recent wave of Hijinks.
Polara made the public application for more convenience and customers would therefore not need to buy a proprietary device to configure pedestrian crossing units, which is a good idea or an opportunity for lost income depending on how you look at it. But it allowed the pranks to get their hands on it easily.
After installing the application and linked the smartphone to a nnearby pedestrian crossing system via Bluetooth, the user can configure spoken messages triggered by button pressures, adjust signal synchronization and install language packs-in this case, the votes generated by AI, it seems. The hack noted Deviant Ollam broke out how it all works in a video last year, which you can see below.
YouTube video
However, entering requires a password – and anyone who has worked in security can see where it goes. As polar’s documentation indicates, the default password is 1234 and it is up to the buyer to change this in production. We would bet most of the installers who have never disturbed themselves. This surveillance made trivially easy for anyone with the application is associated with nearby devices and exchange parameters – including downloading vocal clips generated by the AI.
“Polara has probably designed an attractive target because they have a wireless management interface by Bluetooth, they have a huge market share, and the results are hilarious in the form of spoken voice on each corner,” said Ollam The register.
He noted that although the application is no longer in public application stores, many people have already installed it – and archived copies are almost certainly online. To repair the situation, someone will have to go out and change the pins and keep lists. Which is good until the lists is hit. The raw passage codes will not work because after too many things, the devices lock you, we understand.
“If the governments are properly funded at the moment, there is a chance that we really see work teams going there, going at the intersection. But since the current moment, the ministries have been reduced and burned, who knows?” Ollam estimated.
“Here again, it is a blow that makes fun of the ruling class. There is therefore often a way to make money appear from nowhere, even if the children are hungry in under-funded schools.”
In a declaration at El regPolana has told us that none of its systems or code had been compromised, and if someone had accessed the level crossing systems, this would have been done using valid pins, such as the default value of 1234:
Biz has added: “We work with affected customers to delete unauthorized messages and to help protect their systems in the future. We regret any drawback and continue to work directly with our customers to improve the safety of their systems and guarantee that these products remain safe and reliable.”
What can we say? This is why the default identification information in production is bad. ®
