Hacker hits Toronto transit message system

Imagine Gerry Nicholls' surprise when he glanced at the electronic advertising sign on the Toronto-area commuter train he was riding last week and saw this message about the Canadian prime minister scroll across the screen: "Stephen Harper eats babies."

Said Nicholls: "I worked with Harper for five years and I know he has a craving for junk food, but I've never seen him eat a baby." He then explained his role in publicizing a hack of the transit system's message system.

"It was Thursday evening, April 27, about 5:30, and I was leaving Toronto and I was taking the GO Transit train," said Nicholls, vice president of the National Citizens Coalition. "Each car has a little electronic advertising sign and messages scroll across them and usually it's something like buy tickets to this event or messages about train safety. But this time the message on the sign was reading 'Stephen Harper eats babies,' every three seconds. Stephen Harper used to be my boss and he's president of the organization I work for right now."

Nicholls, who lives in a suburb of Toronto, thought the message on the sign was strange and figured it had to be some kind of parody, with some kind of kicker explaining what it meant. But there was no punchline, he said.

"My first thought was maybe I'm hallucinating and that this couldn't be. So I sent an e-mail to the GO Transit people and I put it on my blog. I never got any messages back from the GO Transit people over the next couple days," he said. "But people in the blogging community picked it up, and it sort of got all over the place and local media picked it up. Then I talked about it on a radio station and suddenly the GO Transit people were contacting me. They explained that a hacker got into the system and changed the message. Apparently, this person did it with a wireless device [that] costs about $25 ... at any hardware store or any tech store.... They don't know who it was and apparently it was running all last weekend on different trains."

GO Transit spokesman Edmund Shea explained that Toronto-based Exclusive Advertising, which set up the signs inside the trains, is usually responsible for programming the messages on them. "These are basic scrolling signs with advertising messages and GO Transit messages," he said. "They were installed at least six years ago and they've been problem-free until someone hacked into them and [changed the messages]. There have been about half a dozen incidents since last [April 27]. Unfortunately, they put a message on it that was a slur to our Stephen Harper, our prime minister - obviously, it's not our message. We don't endorse it. We regret that it happened and we're sorry if anyone's been offended, including our prime minister."

Shea said Exclusive Advertising reacted immediately. "Every time we had an incident like that, we took a car out of service and they reprogrammed the message board by deleting the messages and programming in again the correct messages," he said. "Now there's a fix for it that, to my knowledge, was not available back six years ago. And it's having the programming device password protected."

Shea said Exclusive Advertising is in the process of password protecting message boards in all the trains.

Although Shea didn't know exactly how the hacker managed to reprogram the message boards, Greg Donohue, president of Exclusive Advertising, offered some insight.

"We have about 800 of these LED scrolling message signs throughout the fleet of trains on the GO system," Donohue said. "The signs are programmed via an infrared remote control. When we bought the signs about six years ago, it was relatively new technology -- and at the time the signs weren't password protected."

Donohue said that while anyone with that particular remote control could reprogram the signs back then, it the remote control devices weren't available publicly. "You had to buy them through a distributor or the manufacturer and they were sold specifically for industrial use," he said. "But what's transpired over the years is that they are becoming available to the public through retail stores, i.e., Sam's Club. And you can buy the signs bundled with the remotes through other retail outlets. Because they're all on the same frequency, anybody that buys the sign and has the remote can reprogram signs. So what you need is to password protect each one. That's what we're doing now, password protecting them. So then you need a password to alter the message on the LED screen."

Donohue said never expected anything like the sign hacking to occur.

"We've had the signs up for six years and we're phasing them out because we're bringing in flat screen monitors on the trains, so in another year it wouldn't have mattered," he said.

Some detective work by a Canadian blogger may have discovered the identity of the hacker: a 24-year-old Canadian named Joshua, who talks about the incident on his MySpace page and has received kudos from friends for hacking the signs.

An e-mail to Joshua from Computerworld seeking comment went unanswered.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Linda Rosencrance

Computerworld
Show Comments

Cool Tech

Bang and Olufsen Beosound Stage - Dolby Atmos Soundbar

Learn more >

Toys for Boys

Nakamichi Delta 100 3-Way Hi Fi Speaker System

Learn more >

Sony WF-1000XM3 Wireless Noise Cancelling Headphones

Learn more >

ASUS ROG, ACRONYM partner for Special Edition Zephyrus G14

Learn more >

Family Friendly

Mario Kart Live: Home Circuit for Nintendo Switch

Learn more >

Philips Sonicare Diamond Clean 9000 Toothbrush

Learn more >

Stocking Stuffer

Teac 7 inch Swivel Screen Portable DVD Player

Learn more >

SunnyBunny Snowflakes 20 LED Solar Powered Fairy String

Learn more >

Christmas Gift Guide

Click for more ›

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?