“First and foremost, traffic-system administrators should not use default usernames and passwords.”
Unlike traffic signals in my local area, which are networked with fiber (!), these were networked over WiFi. If details — 5.8 GHz — in a different article are to be believed, then this is either IEEE 802.11a or 802.11n which are common consumer WiFi specs.
Encrypted or not, leaving credentials at the default is stupid. In the field of traffic signaling, it probably ought to be a firing offense. Anyway, change those and risk would be reduced by, oh, let’s say 99%.
“They continue doing the same mistakes that software vendors did 10 years ago.”
No, that’s been going on for a long time. The default credentials for Digital’s VMS OS were SYSMAINT / SERVICE and that’s got to be from 30 years ago.
If you leave the doors unlocked and open, people will walk through them