Hacker hits Toronto transit message system, jabs prime minister
Shea said Exclusive Advertising reacted immediately. Every time we had an incident like that, we took a car out of service and they reprogrammed the message board by deleting the messages and programming in again the correct messages, he said. Now theres a fix for it that, to my knowledge, was not available back six years ago, and its having the programming device password-protected.
Shea said Exclusive Advertising is in the process of password-protecting message boards in all the trains.
Although Shea didnt know exactly how the hacker managed to reprogram the message boards, Greg Donohue, president of Exclusive Advertising, offered some insight.
We have about 800 of these LED scrolling message signs throughout the fleet of trains on the GO system, Donohue said. The signs are programmed via an infrared remote control. When we bought the signs about six years ago, it was relatively new technology -- and at the time the signs werent password-protected.
Donohue said that while anyone with that particular remote control could reprogram the signs back then, it the remote control devices werent available publicly. You had to buy them through a distributor or the manufacturer, and they were sold specifically for industrial use, he said. But whats transpired over the years is that they are becoming available to the public through retail stores, i.e., Sams Club. And you can buy the signs bundled with the remotes through other retail outlets. Because theyre all on the same frequency, anybody that buys the sign and has the remote can reprogram signs. So what you need is to password-protect each one. Thats what were doing now, password-protecting them. So then you need a password to alter the message on the LED screen.
Donohue said he never expected anything like the sign hacking to occur.
Weve had the signs up for six years and were phasing them out because were bringing in flat-screen monitors on the trains, so in another year it wouldnt have mattered, he said.
Some detective work by a Canadian blogger may have discovered the identity of the hacker: a 24-year-old Canadian named Joshua, who talks about the incident on his MySpace page and has received kudos from friends for hacking the signs.
An e-mail to Joshua from Computerworld seeking comment went unanswered.
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Who's Spying on You? You're aware of the threats of malware to your business but what about the ever-changing ground rules? Cybercriminals today are launching attacks against...
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Cybercrime and Hacking White Papers | Webcasts