The Dumbest Hack of the Year Exposed a Very Real Problem

In April, unknown actors exploited default Bluetooth credentials on Polara crosswalk push buttons to wirelessly upload fake audio at about 20 intersections across Silicon Valley (and later reported in other cities), causing public embarrassment and prompting cities to reassess vendor security and contractual clauses; the attack leveraged easily guessable default passwords and widely available tooling rather than advanced techniques.