Super Bowl Wi-Fi password credentials broadcast in pre-game security gaffe

Super Bowl Wi-Fi password credentials broadcast in pre-game security gaffe

Summary: Prior to the start of Super Bowl 48, the stadium's internal Wi-Fi login credentials were inadvertently broadcast on national TV.

TOPICS: Security, Verizon
super bowl security fail

During the pre-game coverage for NFL Super Bowl XLVIII, television news inadvertently broadcast the stadium's internal Wi-Fi login credentials, which were in plain sight on an enormous, unmissable, wall-mounted monitor inside a command center.

The Wi-Fi credentials, which have likely been changed as news of the security gaffe has spread like wildfire on Twitter and community blogs, had "marko" as the login, and a pseudo-leet speak variation of 'welcome here' as the password.

The televised segment broadcast this morning was a feature that gave a first-time peek into Super Bowl security headquarters.

It would appear that network security at the MetLife Stadium in East Rutherford, New Jersey, is not up to enterprise levels.

super bowl wifi password

According to Mobile Sports Report, the in-stadium Wi-Fi network at MetLife Stadium, built by Verizon, is free and open to customers of all carriers.

The credentials accidentally broadcast on TV may likely be an internal set of Wi-Fi access credentials, possibly for staff, press or ticketing systems.

While it's good to see the stadium's credentials were not 'admin' and 'password' the security failure will no doubt become yet another example of what not to do.

This year's Super Bowl match, where the Seattle Seahawks face off to the Denver Broncos, is expecting over 82,000 Wi-Fi-enabled guests this year.

Last year Ars Technica reported that along with a "no outside food" policy, attendees were disallowed from bringing wireless equipment that might interfere with the New Orleans Mercedes-Benz Superdome's Wi-Fi network.

"The NFL has a very robust frequency coordination solution in place," Dave Stewart, director of IT and production for Superdome management firm SMG, told me in a phone interview. "Every device that enters the building has to go through a frequency scan and be authorized to enter.

At the perimeter the devices are identified and tagged. If they present a potential for interference, they are remediated at that moment. Either the channel is changed or it is denied access. It's all stopped at the perimeter for this event."

In Stewart's words, the goal is to prevent any "rogue access points or rogue equipment from attempting to operate in the same frequency" as the stadium Wi-Fi network ("rogue" as in "not under the control of the system administrators").

The system went down during the game due to a "relay failure."

Hopefully after today's gaffe, Super Bowl security standards within the organization will be encouraged to meet the level of those as robust as those exercised on fans.

Topics: Security, Verizon

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Seriously...

    A login and password remaining displayed on a large screen... and on national TV.
    Someone may be missing at work tomorrow.
  • Comforting...

    It's comforting to know that the IT security workers that Target fired managed to find work somewhere else.
  • Why bio metrics needs a giant push.

    The problem with security is it has gotten too complex for the end user. Plain and simple.

    At work I have over a dozen passwords to access a variety of tools, networks and devices. Each has different password rules. None can be auto-synced and 3 require uniqueness between systems. Some rotate on a 3 month basis. Some on a 2 week basis. A couple on a 6 month basis. Some, I use 10-20 times daily and others 2-3 times per month. One requires so many special characters pseudo-leet is the only way to get a password that will work when anyone with any know how understands pseudo-leet is meaningless when password length is the number one item for strength once you outside a dictionary.

    Oh, and don't write anything down.

    There has to be a better way.
    • The problem is...

      biometrics are more usernames than passwords.

      If somebody cracks the biometrics on one system, they can access every system you have registered your biometrics with. You can't change your DNA or fingerprints, if they are "compromised".
      • And passwords are worthless

        When admins make the policies such a RPITA that you have to write them down. At the end of the day, bio-metrics are more secure.
  • wrong football

    NFL football does not have the white stripe. only college footballs have that.
    get things right, Violet!!
  • You linked to a post from 2013

    Your link to the "Relay Failure" at the end of this article is from last year's SuperBowl - not this year.