Palo Alto Crosswalk Signals Had Default Passwords
Palo Alto’s crosswalk signals were hacked last year. Turns out the city never changed the default passwords.
Clive Robinson • January 9, 2026 9:58 AM
Hi Tech frat attack?
It’s an interesting attack method, but the messages left suggest it was “fratish political behaviour”.
From a security aspect “yes the passwords were not changed” but less obvious was the fact that the signals were mixed mode, with the majority being older and centrally controlled/updated with these new signals being locally updated by common Bluetooth.
It’s this sort of change that causes a lot of security vulnerabilities to be exploitable in “new” whereas it was not possible in “old”.
Some might call this “Crack by feature creep” where a supplier changes functionality significantly because a “new SoC chip” they’ve moved to allows “Marketing creep”.
Just a fool • January 9, 2026 10:00 AM
Palo Alto – the home of Network Security Appliances/Services (you should avoid).
Today's Proverb • January 9, 2026 10:35 AM
The devil is in the defaults.
Rontea • January 9, 2026 12:39 PM
This incident is a textbook example of the risks inherent in leaving default passwords unchanged. When manufacturers ship devices with factory-set credentials, they create a single point of failure across every installation. Attackers know this and routinely scan for such systems, exploiting them with minimal effort. Security through obscurity—assuming no one will notice or care—isn’t security at all. The fact that critical infrastructure like crosswalk signals was compromised shows how our digital vulnerabilities can manifest in the physical world. Strong, unique passwords and regular audits must be the baseline, not an afterthought.
schwit • January 9, 2026 9:50 AM
Doesn’t this say that Palo Alto has a much bigger problem? They don’t audit their systems.