Hi-Jacking Billboard in EDSA

First, a disclaimer. No actual description of hacking attempts are detailed in this post, just a write up of possible attack vectors.

Those huge electronic billboards in EDSA are so rampant that they now pose serious safety issues. Aside from that, they are also quite distracting and not so entertaining. But being a 1337 hax0r such as yourself, you can change that. Hacking these billboards are not new, for example, this presentation in Defcon: https://www.youtube.com/watch?v=tpZ_NDx35u8, gives insight on what can be done to gain access to these devices. But maybe you’re stuck in traffic and got bored: https://www.techworm.net/2016/10/bored-hacked-billboard-show-steamy-video-says-arrested-programmer.html, what can you do?

Some of the attack vectors on this case study.

  • Wireless access such as wifi and bluetooth are used by digital billboards – war driving along EDSA is easily doable, maybe you’ll get lucky and find a PLDTDSL access point with default wireless credentials.
  • Physical access to actual terminals with maybe a USB device that you can plug-in. Don’t forget to wear a generic maintenance uniform, lol.
  • Find a web portal for these displays. Sometimes, the company name or logo will be displayed along the billboard itself. Go do some OSINT with shodan, etc. Access may easily be acquired by exploiting common web vulnerabilities on their websites.
  • Some of these companies are headquartered along EDSA, drop by and apply for a job / pose as a client, and identify access from within their IT infrastructure.

  • For providers of these services, NullForge will gladly perform a thorough vulnerability assessment and penetration test for your organization.

Case Studies

Hi-Jacking Billboard in EDSA