CISA Flags Three Daktronics Controller Flaws That Could Let Attackers Hijack Highway Signs
A researcher found the vulnerabilities in controllers widely used to drive digital billboards and roadway message signs. Exploitation could mean someone else controls what drivers read.
CISA has published an advisory covering three vulnerabilities in Daktronics controllers — the hardware backbone behind a significant share of North America's digital highway signs and large-format billboards. A single researcher discovered all three. CISA sits as the notifying authority here, placing this squarely under federal critical-infrastructure oversight.
Daktronics equipment runs message displays across highway corridors, sports venues, and commercial outdoor advertising networks. That's not a trivial attack surface. Arbitrary control of a roadway sign isn't a nuisance scenario; it's a public-safety one.
The advisory does not name the researcher publicly, and Daktronics has not yet posted a standalone security bulletin on its own site at time of publication. The three flaws are catalogued under CISA's ICS advisory program, which covers operational technology and embedded controllers that rarely get the patch cadence of enterprise software.
CISA has not detailed full technical specifics in the public-facing notice, which is standard practice when patches are still rolling out. What the agency does confirm: the vulnerabilities allow remote exploitation. No physical access required.
Remote exploitation of sign controllers raises two distinct concerns. First, the obvious: message manipulation. Second, and less discussed: pivoting from a compromised display controller into adjacent network segments, particularly where venue or transportation management systems share infrastructure.
Owners and operators of Daktronics hardware should treat this as a prioritisation call, not a 'patch when convenient' item. CISA's ICS advisories carry weight precisely because the agency coordinates disclosure with vendors before going public. The fact that this one is live means the vendor had its window.
What affected operators should do
Check your Daktronics controller firmware version against the affected range specified in CISA's ICS advisory. Apply any vendor-issued patches immediately. If patches are not yet available for your version, CISA's standard guidance applies: isolate the controllers behind a firewall, remove them from internet-facing network segments, and use a VPN for any remote management access — ensuring the VPN itself is fully patched. Audit which network segments share connectivity with display controllers. Log all access attempts. Report anomalous behaviour to CISA via their 24/7 reporting line.
