Silicon Valley Crosswalk Buttons Hacked in Unprecedented Cyberattack
In April, an unknown attacker targeted roughly 20 street intersections across Silicon Valley, exploiting weak default passwords on wireless crosswalk buttons to replace standard pedestrian alerts with spoofed recordings of tech CEOs. At a Menlo Park intersection, a fake Mark Zuckerberg warned of AI’s inevitable dominance, while another clip mocked democracy. Nearby, an altered Elon Musk voice made bizarre claims about former President Donald Trump and personal loneliness.
The hack, which later spread to Seattle and Denver, exposed glaring security oversights in municipal infrastructure. Emails obtained by WIRED reveal city officials in Menlo Park, Redwood City, and Palo Alto scrambling to respond, with Redwood City’s then-manager demanding accountability for the lapse. The city’s vendor contract lacked explicit cybersecurity requirements, despite the buttons’ Bluetooth-enabled customization features.
Polara Enterprises, a major supplier of these buttons, ships models with a default password of “1234” and provides public documentation for their configuration app. Months before the attack, a security researcher had demonstrated the vulnerability in a YouTube video, though authorities have yet to identify the perpetrator. Surveillance footage and the buttons’ lack of user tracking left the investigation at a dead end.
The incident prompted federal scrutiny, with a retired Federal Highway Administration official emphasizing the need for stronger cybersecurity clauses in municipal contracts. The agency had previously issued advisories on securing crosswalk systems, but enforcement remains inconsistent. The hack underscores the risks of overlooked vulnerabilities in critical urban infrastructure.
Source: https://www.wired.com/story/crosswalk-city-hack-cybersecurity-lessons/
City of Redwood City cybersecurity rating report: https://www.rankiteo.com/company/city-of-redwood-city
City of Menlo Park cybersecurity rating report: https://www.rankiteo.com/company/city-of-menlo-park
Polara cybersecurity rating report: https://www.rankiteo.com/company/polara
Palo Alto Networks cybersecurity rating report: https://www.rankiteo.com/company/palo-alto-networks
"id": "CITCITPOLPAL1776104847",
"linkid": "city-of-redwood-city, city-of-menlo-park, polara, palo-alto-networks",
"type": "Vulnerability",
"date": "4/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'customers_affected': 'Pedestrians at affected '
'intersections',
'industry': 'Government/Infrastructure',
'location': 'Silicon Valley, California, USA',
'name': 'Menlo Park',
'type': 'Municipality'},
{'customers_affected': 'Pedestrians at affected '
'intersections',
'industry': 'Government/Infrastructure',
'location': 'Silicon Valley, California, USA',
'name': 'Redwood City',
'type': 'Municipality'},
{'customers_affected': 'Pedestrians at affected '
'intersections',
'industry': 'Government/Infrastructure',
'location': 'Silicon Valley, California, USA',
'name': 'Palo Alto',
'type': 'Municipality'},
{'customers_affected': 'Pedestrians at affected '
'intersections',
'industry': 'Government/Infrastructure',
'location': 'Washington, USA',
'name': 'Seattle',
'type': 'Municipality'},
{'customers_affected': 'Pedestrians at affected '
'intersections',
'industry': 'Government/Infrastructure',
'location': 'Colorado, USA',
'name': 'Denver',
'type': 'Municipality'},
{'industry': 'Infrastructure Technology',
'name': 'Polara Enterprises',
'type': 'Vendor/Supplier'}],
'attack_vector': 'Exploitation of weak default passwords',
'date_detected': '2024-04',
'description': 'An unknown attacker targeted roughly 20 street intersections '
'across Silicon Valley, exploiting weak default passwords on '
'wireless crosswalk buttons to replace standard pedestrian '
'alerts with spoofed recordings of tech CEOs. The hack later '
'spread to Seattle and Denver, exposing security oversights in '
'municipal infrastructure.',
'impact': {'brand_reputation_impact': 'Negative publicity for municipal '
'infrastructure security',
'operational_impact': 'Disruption of pedestrian alerts, '
'replacement with spoofed audio messages',
'systems_affected': 'Wireless crosswalk buttons at ~20 '
'intersections'},
'investigation_status': 'Dead end (lack of user tracking and surveillance '
'footage)',
'lessons_learned': 'Need for stronger cybersecurity clauses in municipal '
'contracts, enforcement of security best practices for '
'urban infrastructure, and addressing default password '
'vulnerabilities.',
'motivation': 'Unknown (potentially mischief or demonstration of '
'vulnerability)',
'post_incident_analysis': {'corrective_actions': 'Review and update vendor '
'contracts, change default '
'passwords, enhance '
'monitoring, and enforce '
'federal security '
'guidelines.',
'root_causes': 'Weak default passwords, lack of '
'cybersecurity requirements in '
'vendor contracts, public '
'documentation of configuration '
'apps, and insufficient enforcement '
'of federal advisories.'},
'recommendations': 'Implement cybersecurity requirements in vendor contracts, '
'change default passwords, enhance monitoring of critical '
'infrastructure, and enforce federal advisories on '
'securing crosswalk systems.',
'references': [{'source': 'WIRED'},
{'source': 'YouTube (security researcher demonstration)'}],
'regulatory_compliance': {'regulatory_notifications': 'Federal Highway '
'Administration '
'advisories on securing '
'crosswalk systems'},
'response': {'communication_strategy': 'Emails obtained by WIRED reveal city '
'officials scrambling to respond',
'containment_measures': 'Investigation into the attack, review '
'of vendor contracts'},
'stakeholder_advisories': 'Federal Highway Administration emphasized stronger '
'cybersecurity measures for municipal contracts.',
'threat_actor': 'Unknown',
'title': 'Silicon Valley Crosswalk Buttons Hacked in Unprecedented '
'Cyberattack',
'type': 'Hacking',
'vulnerability_exploited': "Default password ('1234') on wireless crosswalk "
'buttons'}