Over the past few weeks, crosswalk buttons in several US cities have been hijacked to emit the AI-spoofed voices of Jeff Bezos and Elon Musk.
It’s all likely due to a free service app and poorly protected equipment.
This week in Seattle, some crosswalks began playing AI-generated messages that spoof tech tycoon Jeff Bezos. In one video clip, a synthetic Bezos can be heard introducing himself from the push-button boxes and claiming that the crossing is sponsored by Amazon Prime.
It then veers into parody turned social commentary: “You know, please don’t tax the rich, otherwise all the other billionaires will move to Florida too. Wouldn’t it be terrible if all the rich people left Seattle or got Luigi-ed and then the normal people could afford to live here again?”
On one hand, it’s old-school hacker fun; on the other, it’s an inconvenience for some walkers. The city government is not happy either: fixing the tampered buttons takes up staff time that could be spent in other ways. The Seattle Department of Transportation told the press: “We take this matter seriously and are working as fast as we can to respond to the situation.”
It’s not only Seattle. The same hacks were also heard in Silicon Valley, where crosswalk buttons were made to imitate the voices of Elon Musk, Donald Trump, and Mark Zuckerberg. They told the SpaceX oligarch to “come back to bed.” A recording from YouTube is below.
[YouTube video]
Generating AI fakes is simple these days, and the technology is improving. Whoever is behind the pranks, they will likely continue. We think the hijacking is possible because the manufacturer of the crosswalk gear made a mobile app that was publicly available and free to use. Now that the maker of the crosswalk hardware has removed the software from the official Android and iOS app stores, The Register is able to reveal the trick in a responsible manner. Or at least how we are pretty sure it was done.
Easy As 1234
All the hacked crosswalks appear to be from Polara, America’s largest manufacturer of pedestrian signaling systems. When the signals are working properly, they usually say “wait,” “walk,” and “walk light is on.”
There are hundreds of thousands of these devices deployed throughout the country. They are installed and maintained by both municipal governments and contractors. The hardware is designed to be simple, durable and reliable. The software that controls it is a basic industrial control system accessed through Bluetooth.
The Polara Field Service App, which was available for free on both Apple’s App Store and Google Play until recently, can be used to manage all of this. It’s not surprising that it has been removed from both platforms, almost certainly due to the recent spate of mischief.
Polara released the app to make it easier for customers to configure crosswalks. This is either a good thing or a missed revenue opportunity, depending on your perspective. It was easy for pranksters, however, to get hold of it.
Once the app is installed and the smartphone is connected to a nearby crosswalk system using Bluetooth, the user has the option to configure the spoken messages that are triggered by button press, adjust the timing of the signals, and install language packages – in this instance, AI-generated voice packs. Deviant Ollam, a well-known hacker, explained how this all works in a video that was released last year. You can watch it below.
[YouTube video]
But to get in, you need a password. Anyone who has worked in security knows where this is headed. Polara’s documentation says that the default passcode for Polara products is 1234. It’s up to the purchaser to change it in production. We’d bet that most installers didn’t bother, or chose something easy to guess.
Ollam noted that although the app was no longer available in public app stores, many people still had it installed. Archived copies of the app are also likely to be floating around online. Someone will have to go out and change PINs, and keep a list of them. This is great until the lists are leaked. We understand that brute-forcing passcodes will not work, as the devices will lock you out after a few attempts.
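The clean-up described above (changing PINs and keeping a list of them) starts with knowing which units still carry the default or an easy-to-guess passcode. The Python below is an added example, not Polara’s or The Register’s code; it assumes four-digit numeric PINs and uses a made-up inventory of device names.

```python
import secrets
from collections import Counter

DEFAULT_PIN = "1234"  # default passcode named in the article
# Constructed inventory: device names and PINs are made up for illustration.
INVENTORY = {
    "5th-and-pine-NE": "1234", "5th-and-pine-SW": "1234",
    "lake-and-3rd-N": "0000", "lake-and-3rd-S": "4321",
    "market-and-1st-E": "7391", "market-and-1st-W": "7391",
    "union-and-9th-N": "4096",
}

def weakness(pin):
    """Return why a numeric PIN is easy to guess, or None if no rule matches."""
    if pin == DEFAULT_PIN:
        return "factory default"
    if len(set(pin)) == 1:
        return "single repeated digit"
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):  # ascending or descending run, e.g. 3456 or 4321
        return "sequential digits"
    return None

def audit(inventory):
    """Map each flagged device to its findings (weak PIN, shared PIN)."""
    counts = Counter(inventory.values())
    report = {}
    for device, pin in inventory.items():
        findings = [weakness(pin)] if weakness(pin) else []
        if counts[pin] > 1:
            findings.append(f"shared with {counts[pin] - 1} other device(s)")
        if findings:
            report[device] = findings
    return report

def fresh_pin(in_use, length=4):
    """Draw a random PIN that passes weakness() and is not already in use."""
    while True:
        pin = "".join(secrets.choice("0123456789") for _ in range(length))
        if weakness(pin) is None and pin not in in_use:
            return pin

def rotation_plan(inventory):
    """Propose a unique replacement PIN for every flagged device."""
    in_use, plan = set(inventory.values()), {}
    for device in audit(inventory):
        plan[device] = fresh_pin(in_use)
        in_use.add(plan[device])
    return plan
```

The rotation plan is itself the list the article warns about, so it belongs in a secrets vault rather than a shared spreadsheet.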
“If governments are properly funded right now, there’s a chance we’d actually see work crews going out there, going intersection to intersection. But since at the present moment in time, government departments are being slashed and burned, who knows?” Ollam commented.
“Then again, this is a stunt that’s poking fun at the ruling class. So there’s often been a way of magically making money appear out of nowhere, even while children go hungry in schools that are underfunded.”
In an email to El Reg, Polara said that none of its systems had been compromised. If anyone had gotten into the in-field crosswalk system, they would have done so using valid PINs such as the default 1234:
According to the biz: “We are working closely with affected customers to remove any unauthorized messages, and to protect their systems going forward. We apologize for any inconvenience. We will continue to work with our customers directly to improve security and reliability of their systems.”
This is why default credentials in production are bad. ®