
Those ‘Hacked’ Crosswalk Buttons Almost Certainly Used Default Passwords

Iain Thomson at The Register follows up on the “hacked” crosswalk buttons across Silicon Valley (and Seattle!) that hilariously spoofed the voices of Mark Zuckerberg and Elon Musk. He notes, first, that the app to manage the devices was pulled from the various app stores as a theoretical precaution against further “hacks”, and second:

After installing the app, and linking the smartphone to a nearby crosswalk system via Bluetooth, the user can configure the spoken messages triggered by button presses, adjust the signal timing, and install language packs […]

However, getting in requires a password — and anybody who’s worked in security can see where this is going. As Polara’s own documentation states, the default passcode is 1234 and it’s up to the purchaser to change that in production. We’d wager most installers never bothered, or picked something easily guessable.

This was also my assumption when I skimmed the device manual. I refrained from explicitly noting the password, figuring anyone curious enough to read the manual would know what to look for.

But I’m not convinced access was achieved via an unchanged or easily guessed password. First, the system requires changing the default password:

Each unit will require the password be changed from default in order to avoid the repeating “Change Password” voice message.

Second, there’s a ten-minute timeout after five wrong entries. Truly simple passwords (1111, 1212, 1397, 1471, 1595, and other repeating or geometric patterns) might require only 20 to 30 minutes; more difficult ones could require a couple of hours. Humans being human, it’s possible, even likely, that there was a remarkably poor password choice. With enough “hackers” at enough crosswalks—or simply persistent effort—brute-forcing it is a very likely scenario.
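To make the lockout arithmetic in the paragraph above concrete, here is a small model I added; it is not code from the post, from The Register, or from Polara. It assumes each wrong entry is instantaneous (only the lockouts cost time), that the ten-minute lockout re-arms after every five wrong entries, and that the passcode is a four-digit numeric PIN (10,000 possibilities). The doubling-lockout policy is a hypothetical comparison for defenders weighing a policy change, not anything the manual describes.

```python
"""Quantify how much guessing resistance an attempt-lockout policy buys.

Assumptions (mine, not from the post or the device manual):
  * each wrong entry is instantaneous; only lockout periods cost time
  * the lockout re-arms after every ATTEMPTS_PER_WINDOW wrong entries
  * the passcode is a four-digit numeric PIN (PIN_SPACE possibilities)
"""

ATTEMPTS_PER_WINDOW = 5   # wrong entries allowed before a lockout (from the post)
LOCKOUT_MINUTES = 10      # length of each lockout (from the post)
PIN_SPACE = 10_000        # assumed: 4-digit numeric PIN, 0000-9999


def fixed_lockout(window_index: int) -> int:
    """The policy described in the post: a constant 10-minute lockout."""
    return LOCKOUT_MINUTES


def doubling_lockout(window_index: int) -> int:
    """Hypothetical hardened policy: each successive lockout is twice as long."""
    return LOCKOUT_MINUTES * 2 ** window_index


def minutes_to_reach_guess(k: int, lockout=fixed_lockout,
                           per_window: int = ATTEMPTS_PER_WINDOW) -> int:
    """Minutes of waiting before the k-th guess (1-based) can be entered.

    Guess k falls in window (k - 1) // per_window; every earlier window
    ended with a lockout, so the wait is the sum of those lockouts.
    """
    if k < 1:
        raise ValueError("guess index is 1-based")
    windows_completed = (k - 1) // per_window
    return sum(lockout(i) for i in range(windows_completed))


def minutes_to_exhaust(space: int = PIN_SPACE, lockout=fixed_lockout,
                       per_window: int = ATTEMPTS_PER_WINDOW) -> int:
    """Worst case: the wait before the very last PIN in the space is tried."""
    return minutes_to_reach_guess(space, lockout, per_window)


def guesses_affordable(minutes: int, lockout=fixed_lockout,
                       per_window: int = ATTEMPTS_PER_WINDOW) -> int:
    """How many guesses fit inside a time budget under the given policy."""
    elapsed = 0
    windows_completed = 0
    # Keep completing windows while the next lockout still fits the budget.
    while elapsed + lockout(windows_completed) <= minutes:
        elapsed += lockout(windows_completed)
        windows_completed += 1
    return per_window * (windows_completed + 1)


if __name__ == "__main__":
    for name, policy in (("fixed 10 min", fixed_lockout),
                         ("doubling", doubling_lockout)):
        print(f"{name}:")
        for k in (5, 10, 20, 50):
            print(f"  guess #{k:>5}: {minutes_to_reach_guess(k, policy)} min of lockout")
        print(f"  guesses possible in 30 min: {guesses_affordable(30, policy)}")
    days = minutes_to_exhaust() / 60 / 24
    print(f"fixed policy, full 4-digit space: about {days:.1f} days")
```

With the post’s numbers, guesses 11 through 20 cost 20 to 30 minutes of waiting, which is exactly the estimate above for the weakest patterns, while the full four-digit space takes about 14 days. The doubling variant makes those same 20 guesses cost over an hour and puts exhaustive guessing out of reach entirely; the lockout policy, not the PIN length, is doing the work.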

However, there’s another possibility, one which makes me face-palm and chuckle. From the device manual:

If the password is unknown, the password can be reset to factory default by tapping the Reset button on the password prompt dialog. Call Polara at the number listed on the reset dialog and request a password reset verification code. Enter the new verification code into the dialog box and the password will be reset to 1234. Enter the default password at the prompt and then follow the below instructions to change the password from default and continue configuring the device.

Yep, you can just call the company, give them a “challenge code” from the app, and they’ll reset the password to the default.

It’s unclear if there’s any additional verification.

Security theater at its finest. You wanted a miracle, I give you the IT Team.
