Hackers Exploit Default Passwords to Broadcast Anti‑Trump Messages on Denver Crosswalk Signals
What Happened — Over a weekend in March 2026, the audio prompts on two newly‑installed pedestrian crosswalks in Denver, Colorado, were reprogrammed to broadcast a profanity‑laden anti‑Trump message. The attackers gained access by using the devices’ factory‑default credentials, a known misconfiguration issue with the Polara crosswalk system.
Why It Matters for TPRM —
- Critical public‑safety infrastructure can be commandeered with trivial credential reuse, exposing municipalities to reputational and liability risk.
- Default‑password vulnerabilities are repeatable across IoT deployments, indicating systemic vendor‑side security gaps.
- Remediation consumes municipal budgets and may trigger regulatory scrutiny for accessibility compliance.
Who Is Affected — Municipal transportation departments, IoT infrastructure vendors (e.g., Polara), and the visually‑impaired public relying on audible crossing cues.
Recommended Actions —
- Conduct an immediate inventory of all IoT and smart‑city assets and verify that default passwords have been changed.
- Enforce a secure onboarding process that mandates unique, strong credentials and disables remote default accounts.
- Deploy network segmentation and continuous monitoring for anomalous audio or command changes.
- Require vendors to provide documented hardening guides and to certify that devices ship with non‑default credentials.
Technical Notes — The breach leveraged a misconfiguration (factory‑default password) rather than a software flaw; no CVE is associated. The attack vector was unauthorized remote configuration of the crosswalk audio module, affecting the audio instruction component used by blind and visually‑impaired pedestrians. Source: Bitdefender Blog