What started as a string of viral pranks on the West Coast—crosswalks blurting out fake messages from tech icons like Elon Musk and Mark Zuckerberg—has turned into a stark reminder of how vulnerable our city infrastructure is to cyberattacks.
In cities like Palo Alto, Redwood City, Menlo Park, and even Seattle, pranksters hijacked crosswalk audio systems, replacing standard pedestrian signals with bizarre, AI-generated messages. While many found the jokes amusing, cybersecurity experts warn the hacks underscore a much deeper issue: the glaring weaknesses in the wireless tech that powers smart city systems.
“City staff have disabled the audible feature until further repairs can be made,” said Meghan Horrigan-Taylor, spokesperson for Palo Alto, after the city confirmed its systems had been compromised. Though the impact was contained, the incident has raised red flags nationwide.
How Did It Happen?
Though the exact method of the hacks hasn’t been confirmed, experts suspect weak security protocols made the systems easy targets. Many of these crosswalks use Wi-Fi or Bluetooth connections, which, if left with default credentials or lacking proper encryption, can be breached by anyone with the right know-how.
Polara, a major supplier of accessible pedestrian signals, has deployed over half a million systems across the U.S. Their devices use a field service app that enables secure connections—but only if set up correctly. If default passwords are never changed, or wireless connections are unencrypted, hackers can potentially alter the system’s behavior—including what pedestrians hear.
“It’s an amusing hack, no harm done, but it points to a bigger picture where harm can be done,” said Brett Walkenhorst, CTO at Bastille, a company focused on wireless security. “If maybe erroneous audio were uploaded to tell someone the wrong thing, then you’ve got someone who is visually impaired listening to that, setting out into the crosswalk when they shouldn’t.”
Walkenhorst pointed out that these vulnerabilities are often the result of poor planning and oversight. Hackers could identify the model of a crosswalk system, find an online manual, and exploit its default settings without much resistance.
A Broader Warning for Critical Infrastructure
As cities adopt more wireless technology to power “smart” systems, experts say it’s time for governments to take cybersecurity far more seriously.
A report from IoT Analytics revealed that Bluetooth powers around 25% of connected IoT devices worldwide. It’s a popular choice for cities due to its low cost and ease of use—but it often comes with trade-offs in security.
What Cities Can Do Now
The first step, according to Walkenhorst, is awareness. Cities need to take inventory of every wireless and Bluetooth-enabled system they operate and ensure each one is properly secured. That means changing default passwords, encrypting connections, and creating protocols for safe deployment and maintenance.
“If we don’t have visibility into it, we can’t begin to address the problem,” he said.
In a world increasingly reliant on connected tech, these so-called “harmless” hacks should be treated as a serious wake-up call. The systems we depend on for everyday safety deserve more than just convenience—they need real protection.
