An amusing incident involving a Denver, Colorado digital road sign that was hacked to display `Zombies Ahead’ has been highlighted by SecurEnvoy as a classic demonstration of the need for transparent authentication.
“The Denver incident at the weekend – amusing though it was – centered on the fact that someone opened an unlocked control panel and reprogrammed the warning road sign,” said Andrew Kemshall, technical director with SecurEnvoy, the pioneers of tokenless authentication.
“The $64,000 question, once the laughter has died down, is why the highways authority didn’t use some form of security, and the answer is that conventional security with its tokens, often just gets in the way of people doing their job,” he added.
But, says Kemshall, what if the highway staff were able to authenticate themselves to the road sign – and all manner of emergency highway equipment – using their smartphone?
Let’s face it, he adds, almost everyone carries a mobile with them these days, and highway workers in the US are no exception, as they probably use them to communicate with their colleagues and, of course, their base.
But the director of technology with SecurEnvoy went on to say, what if that same mobile could act as an authenticator to many other electronic systems, and not just digital road signs?
It could, for example, allow managers on the highway to enter staff worksheets online, via the regular Internet, but authenticating themselves without the need for passwords and tokens. Just type in your ID to the Web site, and a mobile phone, key in the returned electronic token number, and away you go – securely.
Just as smartphones have revolutionised the security of lone worker employees – a legal requirement in many organisations – so the smartphone can also be used to securely authenticate users without the need for an easily-lost two-factor authentication (2FA) token.
“As we’ve seen amongst the banks, who are now moving to 2FA devices to enhance online banking security, IDs and passwords are no longer enough to secure online systems – unless you happen to be the memory man and can remember a 12 digit alphanumeric with upper and lower case digits,” said Doe.
“This is what makes the Denver, Colorado Zombies road sign incident such a key example of what can happen when security fails because it is too cumbersome and if it’s happened in the US, how long before it happens here. If the workers had been able to use their mobiles to authenticate themselves, this saga wouldn’t have occurred,” he added.
“This incident may be funny, but it could have been quite nasty if the hacker hadn’t been so humorous. All sorts of traffic panic situations could have occurred, and that really is not good.”