The prank occurred this past Monday as passersby were greeted by the hoax on the Foothills Parkway, near Boulder. The electronic highway sign, which should have notified motorists of shoulder work being done on the road through June, was altered to instead read “ZOMBIES AHEAD”.
Rick Barron, who was driving his wife to a nearby airport, recounted the incident for Denver’s 7NEWS: "My first thought was, 'Did that really say Zombies Ahead?'And my second thought was 'I've been in Boulder almost 30 years. If there were naked zombies riding bicycles with pumpkins on their heads, I guess we'd be used to it.”
All kidding aside, the CDOT said the control box for the sign was left unlocked, prompting it to conduct a check of all similar road signs to prevent further tampering.
"I'm sure it's just a question of contacting the contractor and asking them to make sure their signs are locked" CDOT spokeswoman Stacey Stegman told 7NEWS. "There are no zombies that I know of in Boulder, but stranger things have happened."
7NEWS also reported that instructions for operating the signs, including altering the message, can be found on the internet, in addition to information on how to reset the control box password.
Andrew Kemshall, a technical director with tokenless authentication provider SecurEnvoy, found the whole incident amusing, but asked why the highway workers would leave the control panel unlocked. “The answer is that conventional security with its tokens, often just gets in the way of people doing their job”, he replied.
Kemshall suggested that, if implemented properly, highway workers could authenticate themselves using their smartphones or other mobile devices, rather than having to remember a password – or, in this case, leaving a locked box opened and vulnerable to password hacking.
"As we've seen amongst the banks, who are now moving to 2FA devices to enhance online banking security, IDs and passwords are no longer enough to secure online systems – unless you happen to be the memory man and can remember a 12 digit alphanumeric with upper and lower case digits", said Kemshall.
"This is what makes the road sign incident such a key example of what can happen when security fails because it is too cumbersome”, he added. “If the workers had been able to use their mobiles to authenticate themselves, this saga wouldn't have occurred.”