City officials in Redwood, California, raced to strengthen cybersecurity measures across public infrastructure after their crosswalks were hacked by an outside party to play fake voice messages from tech billionaires Elon Musk and Mark Zuckerberg during the weekend of April 12th.
The auto-generated messages were reported at four intersections throughout the city, prompting concerns about public safety for residents. The issue also spread to neighboring cities, including Palo Alto and Menlo Park.
“There’s nothing we can do to stop AI,” one of the messages posing as Zuckerberg declared.
Another message, using a generated voice impersonating Elon Musk, declared, "I'm so alone", and went on to claim that money can’t buy happiness.
Following the incidents in California, similar hacks were reported in Seattle, where crosswalks played AI-generated messages impersonating Jeff Bezos, including claims that the signals were "sponsored by Amazon Prime".
Resident tip sparks an investigation
According to a RWC request (service request to the city) submitted on April 12th by a resident identifying as “Yasdnilas”, the prank began at the intersection of El Camino and Maple Street.
Over the next two days, similar incidents were discovered at a total of four locations throughout the City of Redwood. The City confirmed all unauthorized messages were disabled by Sunday, April 13th.
“We sincerely apologize for any confusion or concern this may have caused. The unauthorized messages have since been disabled, and the normal messaging has been restored. Staff are also evaluating ways to strengthen system protections moving forward,” Deputy City Manager Jennifer Yamaguma wrote in a statement on April 15th.
But the process of responding to the incident prompted deeper investigation within the City Council over infrastructure security, contractor responsibilities, and maintenance updates on equipment.
The Daily Dot obtained recorded communications from the City of Redwood documenting the process of investigating and responding to the hacking incident through the following week, beginning April 14th.
In addition, the Daily Dot also secured records from the City of Palo Alto, offering additional insight into how neighboring cities handled their responses to the general public.
“It was later determined that 12 downtown intersections were similarly malfunctioning, and that tampering may have occurred on Friday [April 11th],” Chief Communications Officer Meghan Horrigan-Taylor wrote in response to a media inquiry from KTVU FOX-2.
The extent of disruption in Palo Alto appeared to be greater than in Redwood, which reported fewer intersections.
Who is accountable?
City Manager Melissa Stevenson-Diaz pushed for clarity on procedural responsibility on April 14th. She asked, “When installed, is it our staff who are to change the password, or should that have been done by contractors working for us?” She additionally requested to know how password protections were being handled.
Tanisha Warner, the city’s News Director of Engineering and Transportation, noted that Redwood City has not had in-house signal technicians for several years, and relies entirely on CalWest for signal Maintenance.
“I remain concerned that we develop some kind of standard…ensuring that passwords are updated from the manufacturer default, either by us or whoever is responsible for installation and/or ongoing maintenance,” Stevenson-Diaz wrote, explaining the need for a long-term solution and potential procedural changes.
Federal attention and media
The incident also attracted federal interest. On April 14, Warner received a voicemail from the Federal Highway Administration (FHWA) and confirmed that FHWA official Edward Fok followed up with an email. Yamaguma, having recently completed cybersecurity training, expressed caution: “I’d still want to confirm it’s a legitimate staffer before sharing any additional information.”
Media interest was rapid. NBC and other local outlets requested statements. Redwood City Police Captain Ashley Osbourne confirmed that Police Chief Bell had forwarded all press inquiries to City Hall, to which Yamaguma responded, “Keep them coming my way… we have a statement we are sharing with all outlets.”
The City of Redwood was accommodating with media requests, promptly providing updates and ensuring a consistent statement made it to the public.
Redwood City moves forward
While the spoofed messages were ultimately harmless pranks, city officials were unanimous in reminding the public of the seriousness of the breach.
“We also want to remind the public that tampering with City infrastructure, including crosswalk signals, is unlawful and poses a safety risk,” Yamaguma told reporters.
City staff are now in the process of confirming and updating credentials on all crosswalk signals across Redwood City. “It will take a while to go out to each and every signal and confirm new password, etc.,” Lee wrote, recommending caution in how future public statements are worded to account for any missed vulnerabilities.
As of April 14, there were no reports of further breaches or who was behind them. However, the incident has sparked a broader review of cybersecurity protocols, staff accountability, and vendor contract requirements.
“Our goal,” said Stevenson-Diaz, “is to make sure something like this doesn’t happen again—while making it clear who is responsible when it does.”
The internet is chaotic—but we’ll break it down for you in one daily email. Sign up for the Daily Dot’s web_crawlr newsletter here to get the best (and worst) of the internet straight into your inbox.
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
The post Redwood City officials confront infrastructure vulnerabilities after crosswalk signal breach targeting tech billionaires goes viral appeared first on The Daily Dot.
from Technology News – Important news at the intersection of Technology and Internet Culture https://ift.tt/ln81W7d
0 Comments