In April 2025, a hacker executed an unusual cyberattack across Silicon Valley, targeting roughly 20 street intersections. Authorities later suspected the attacker exploited weak default passwords to customize audio recordings played when pedestrians pressed crosswalk buttons. Instead of the usual wait or cross commands, pedestrians heard altered voices of tech billionaires Mark Zuckerberg and Elon Musk.
The incident drew attention when a false Zuckerberg commented on AI forcing itself into every aspect of life, while Musk was heard making bizarre remarks, including referring to President Donald Trump as "sweet" and feeling "alone." The hack quickly escalated beyond Silicon Valley, affecting cities such as Seattle and Denver, prompting local officials to reevaluate their cybersecurity measures.
Public records reveal a frantic response from cities like Menlo Park, Redwood City, and Palo Alto amid the confusion. Redwood City’s then-city manager, Melissa Diaz, questioned staff accountability for the breach in internal emails post-hack. Current city manager, Nick Mathiowdis, stated they are learning from the incident and improving best practices but withheld specific details to prevent future exploits.
Edward Fok, a former Federal Highway Administration cybersecurity official, noted that cities must integrate cybersecurity clauses into technology contracts, emphasizing security in the face of increasing technological integration into public infrastructure. During the hack, Redwood City had only mandated "reasonable diligence" in contracts without specific cybersecurity stipulations.
After the incident, Synapse ITS, the company that owns Polara Enterprises (the main supplier of these buttons), acknowledged the need for stronger security protocols. These buttons had default passwords like "1234," easily exploitable via widely available apps. Despite no direct inquiries from law enforcement, Synapse claimed to have elevated its security measures since the events, including requiring stronger passwords and additional verification steps.
In the days following the Silicon Valley spoofing, Seattle also fell victim, with recordings imitating Jeff Bezos, pleading against taxing the rich. The Seattle transit division quickly responded by assigning unique passwords to their buttons.
Unfortunately, as investigations lingered, the identity of the hacker remained unknown due to a lack of surveillance footage and button tracking capabilities. Similar tampering occurred later in Denver, where buttons were used to distribute anti-Trump messages, highlighting the ongoing risks posed by inadequate security in public infrastructure.
This incident serves as a striking example of the vulnerabilities that exist in everyday technology and the necessity for rigorous cybersecurity measures to safeguard public safety and maintain trust in urban infrastructure.
