back to article SLOW DOWN: Insecure-by-design software on road

If your commute to work today featured an electronic highway sign suggesting you do something odd, the presence of a default password in sign management software called Daktronics Vanguard may be to blame. ICS CERT points out that an early panic that the software possessed a hardwired password can be dismissed. But the …


This topic is closed for new posts.
  1. jake Silver badge

    On Hwy 121, between Sonoma & Napa ...

    ... I personally witnessed a sign stating "DANGER! Badgers and Hedgehogs crossing!"

    Yes, I know how to do it, no it wasn't me.

    1. kryptonaut

      Re: On Hwy 121, between Sonoma & Napa ...

      Badgers and Hedgehogs crossing - resulting in a litter of powerful, spiny, black and white Badhogs. You don't want to mess with those things.

    2. Adam 1

      Re: On Hwy 121, between Sonoma & Napa ...


  2. frank ly

    An interesting project

    " ... signs managed by the software be assigned an IP address the general public cannot access, ..."

    The world's largest LAN.

    1. jake Silver badge

      @frank ly (was: Re: An interesting project)

      You can find your world's largest LAN at

      HTH :-)

      1. dajames Silver badge

        Re: @frank ly (was: An interesting project)

        You can find your world's largest LAN at

        I think you'll find ::1 is larger ... if you can find it at all ...

  3. Yet Another Hierachial Anonynmous Coward

    Internet of Things

    So....if these signs are on the Internet of Things, as is my fridge, can the fridge tell the sign to put up a message reminding me not to forget to buy some milk on the way home?

    Now that would be useful.

    1. Cliff

      Re: Internet of Things

      Then your car's GPS and weight sensors will tell the fridge you bought some and to stop panicking.

      1. Tom 7 Silver badge

        Re: Internet of Things

        So that's what that thing on my phone is: Near Fridge Communication!

  4. Dan 55 Silver badge

    If there's got to be a default password...

    ... make it a password based on some serial number known to the user and force a change on first log in.

    It's not rocket science.

    1. Adam 1

      Re: If there's got to be a default password...

      Just make sure it can't be determined by looking at the publicly visible MAC address.

  5. TRT Silver badge

    I'm so tempted...

    to make them say...

    R U O K?



    1. Tom 7 Silver badge

      Re: I'm so tempted...


      put that in ROM!

    2. Darryl

      Re: I'm so tempted...


  6. Crisp Silver badge

    Why am I only finding out about this NOW!?!

    Mine's the coat with a copy of nmap in the pocket.

  7. Alister Silver badge

    Ah, if only the Motorway matrix signs required hacking, they can be nonsensical without any malicious help...

    On a lonely stretch of the M6 miles from any service station or junction, I am advised to "Check Your Tyre Pressures"

    What, now?? Do you want me to stop??

    Or the even more obscure "Use the correct child seat". WTF??

    1. Bad Fish

      The signs on the A1M regularly tell you to slow down because of accidents or traffic jams that turn out to be non-existent; I suppose the operators put up a message when something happens, but don't remove it when the problem has cleared. The effect is, of course, that no-one takes the slightest notice of the signs; if there were a real problem, the signs would not help: except that motorists could then be blamed for "not taking notice of the warning signs".

    2. Dan 55 Silver badge

      It means, "If you a parent you already know that child seats are made to carry children of a specific weight range called groups, and of course you don't need reminding to buy a new one from the next group up when your child becomes too heavy for the current group otherwise you'd be negligent. If you are not a parent you can ignore this message."

      Now how you expect to get that across in an immediately understandable way on a motorway display with fewer characters than Twitter is another question. A they supposed to relay important information or just be a distraction which might require imaginative parsing while travelling at 70mph?

    3. hplasm Silver badge

      Not to mention-

      Bloody "Queue Caution"

      it means NOTHING!

      1. Captain Scarlet Silver badge

        Re: Not to mention-

        @hplasm Have to agree, always find large stretches of motorway have random queue or go slow messages and 7 out of 10 times nothing. The M11 is particularly annoying as it feels like for several junctions the same message is displayed and when you do get to an actual accident or something in the road everyone has sped up again.

        1. 2+2=5 Silver badge

          Re: Not to mention-

          @hplasm Have to agree, always find large stretches of motorway have random queue or go slow messages and 7 out of 10 times nothing. The M11 is particularly annoying

          Going northbound on the Oxfordshire / Warwickshire stretch of the M40 in the mornings, I've often seen warnings to slow down for an incident only to find nothing northbound but an apparent incident (well at least a jam of traffic) southbound. It's happened so often that I seriously wonder whether they've cross-wired the signs in the control centre.

      2. Tom 7 Silver badge

        Re: Not to mention-

        Like the attempts to get you on the M6 toll rd by pretending the free one is busy.

      3. Anonymous Coward
        Anonymous Coward

        Re: Not to mention-

        > it means NOTHING!

        Not true. It's an imperative sentence instructing the second person (pl. or sg., it's ambiguous in English) to place caution in a line or sequence.

        I'm not entirely sure why you would tell drivers that, though.

        1. Michael Wojcik Silver badge

          Re: Not to mention-

          It's an imperative sentence instructing the second person (pl. or sg., it's ambiguous in English) to place caution in a line or sequence.

          As is usually the case with natural languages, and particularly with English, the parse is ambiguous. For example, it could also be an imperative addressed to "Queue" (which could be a proper noun1), instructing him or her to be careful, with the verb "exercise" (or similar) elided; or asking him or her to admonish some third party in the same regard.2

          1"And these are our children, Queue and Stack."

          2"Queue, would you please caution your brother? Stack's about to fall out of that tree. I don't want your mother to see him in a heap on the ground."

    4. Anonymous Coward
      Anonymous Coward

      "Check Your Tyre Pressures"

      Policy by some road agencies is *not* to use the signs for generic safety messages like that... precisely because they are distracting and pose a safety risk. :-/

      The UK and France are two exceptions that I can think of, where they love to spam you with bollocks.¹

      ¹ Ok, not bollocks. Just wrong time and place for that sort of driver education.

      1. Michael Wojcik Silver badge

        Re: "Check Your Tyre Pressures"

        Ok, not bollocks. Just wrong time and place for that sort of driver education.

        No, pretty much bollocks. The number of car owners who will only check their tire pressure after being reminded by a highway sign is likely to be vanishingly small, and the gradations of "approved" child car seats is wildly excessive. (Nearly all the statistical benefit of using child seats actually comes simply from getting the kids into the back seat and having them secured somehow, rather than bouncing loose around the cabin or sitting on someone's lap in the front.)

        Driver-nagging messages are probably about as effective as "Baby on board" signs for improving motoring safety (i.e., not at all, particularly once the adverse effects of driver annoyance are factored in).

  8. Anonymous Coward
    Anonymous Coward

    I always thought that they were hardcoded by default to display FOG at random intervals (except when it is actually foggy), with no admin access enabled to allow them to change the text at all.

    1. Nick Ryan Silver badge

      I'm pretty sure that this default display of FOG is not truly random and your assertion that they avoid showing this when it is actually foggy would back this up. In my experience they seem to target bright sunny afternoons more than any other time of day.

    2. Anonymous Coward
      Anonymous Coward

      > default to display FOG at random intervals (except when it is actually foggy)

      It's still being displayed. You just can't see it because of... well, reduced visibility.

  9. Peter Simpson 1

    Already failing

    The ones Massachusetts purchased rarely have all character positions operable (even when new!). The number of available characters is so low, that most messages require multiple screens. The time between screens has been set to 5 seconds or so, resulting in only being able to read half the message before passing the sign. They seem to have popped up everywhere, they all have defects and some company is congratulating themselves for having carted off a shedload of cash while unloading a bunch of obsolete and defective merchandise at full list price.

    Thankfully, the signs very rarely display useful information, more often the message is something along the lines of:


    (^^^ you see a random third of this message)



    Why can't they just leave the damn things off, unless they have something important to say? Seriously, if they're always displaying unimportant messages (no, not driving drunk is very important, but by now, we should all know that) don't people tend to ignore them after a while?

  10. Crazy Operations Guy Silver badge

    "Let's hope the hordes of folks apparently contemplating new “things” learn from this incident"

    But security gets in the way of innovation; how can developers connect toilets to instagram when they have to waste time with pointless tasks like 'setting a password' or 'disabling unneeded services'

  11. Big_Boomer Bronze badge

    My Message

    to all my fellow road users would be "WAKE UP YOU DOZY B******S AND PUT THE BLOODY PHONE DOWN!!".

    1. TRT Silver badge

      Re: My Message

      My son tells me that they started screening an ad in a US cinema after snoopily snooping somehow the numbers of all the cell phones in the audience, probably with the help of the carriers (or the NSA!).

      At a critical point in the ad, which involved someone driving a car, they texted the entire audience. The critical point was about four seconds before the film showed a car crash from the driver's point of view.

      If that's true, then it'd be a pretty effective campaign, I'd say

      1. The March Hare

        Re: My Message

        See this :

        'fraid it's the daily fail but still worth a watch...

        1. TRT Silver badge

          Re: My Message

          Ah! The old cell broadcast message system. It's been in mobiles since the year zero, IIRC. Never seen it used before. Cool.

      2. Anonymous Coward
        Anonymous Coward

        Re: My Message

        > after snoopily snooping somehow the numbers of all the cell phones in the audience

        They haven't. They don't know the individual numbers. It's called Cell Broadcast as has always been part of the GSM standard, albeit I've never seen it used.

        Good campaign though.

        1. TRT Silver badge

          Re: My Message

          I hadn't seen the original article - I was just going on a report my eavesdropping paranoid 16 year old son had delivered. In the days where rotating MAC addresses and Blackphone handsets are a selling point for the social media and internet addicted teenage generation of today, they do seem to be quite conscious of how their publicly accessible tweets and facebook statuses can be intercepted en-route.

          Having read the article kindly linked to by another commentard, I immediately recognised that they'd used cell broadcast. I too have never seen it used before.

          1. Terry Cloth

            Never seen cellphone broadcast used before?

            You must live in a very dull vicinity. Just this afternoon I got one warning of flash flooding, and last year I got a couple giving tornado warnings.

            My sister told me of an instance at work when a bunch of smartphone owners were congregating, and a warning came in. Most amusing, once everyone's heart rate had returned to normal.

    2. Peter Simpson 1
      Thumb Up

      Re: My Message

      to all my fellow road users would be "WAKE UP YOU DOZY B******S AND PUT THE BLOODY PHONE DOWN!!".

      Sadly, they probably wouldn't see it

      // unless you sent it by SMS...

  12. Anonymous Coward
    Anonymous Coward

    M6 Toll Clear

    The most useful message, ever..........(not)

  13. ectel

    Best one I saw...

    ...was in France on the A7 one summer heading for the Mediterranean. "Slow down, the sea isn't going to evaporate"

    1. Ian 55

      Re: Best one I saw...

      Was it in English or German?

  14. PassiveSmoking

    Things to put on a highway sign

    * "I know what you did"

    * "If you're going on holiday here, I'd turn around now. It's shit"

    * "If you're driving an Audi I hope you die in a fireball of twisted metal (and you probably will, learn to sodding drive!)"

    And my personal favourite:

    * "Did you leave the gas on?"

  15. Eddy Ito Silver badge

    This is L.A.

    Signs? We don't read no steeenkin signs!

    Of course they could put up a novella for when traffic is bad, say between 7 am and 7 pm. It would be more useful than one that jokingly reads "15 minutes it 710 freeway" while you've been stuck staring at it for 20 minutes.

  16. Ian 55

    Not just on roads

    The departure signs at Nottingham station recently had problems, and were happily rebooting and showing their IP address.

    Next train to Hogwarts leaves in 14 minutes...

  17. H.Winter

    Wireless or memory card?

    I've always wondered if they could be programmed wirelessly or if someone needed to go around to each one and configure. A few years back I saw one that said 'INSERT MEMORY CARD' (this is in NSW, Australia)

  18. Allan George Dyer Silver badge

    "Intermittent Tube Closure"

    OK, possibly* useful information if you are in London, but I fail to see the relevance 8,000 miles away where it is often displayed on a tunnel approach in Hong Kong.

    * Well, not useful at all. How long will the tube be closed? Should I turn off now and take another route?

  19. Terry Cloth

    Excessive text

    One of my favorite examples is on, IIRC, the Delaware Memorial Bridge (DE--MD, USA):


    Well, of course, you blockhead! If you're outdoors there are always wind conditions: breezy, still air, gale warning, approaching hurricane... which is it? If they just said ``WINDY'', they'd be specific, save ten characters, and and drivers could get their eyes back to the road sooner.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019