Unsecure digital signages pose serious content threatsNitesh Thattasery
Digital signage networks have witnessed rapid growth across multiple industries the past few years. Controlling content across multiple devices is a critical and highly responsible job. Especially when the display devices are placed in the public domain, securing the content becomes a very important responsibility. The pornographic video allegedly played at a platform at Rajiv Chowk metro station is an eye opener to media agencies and officials on how vulnerable “free” and “open source digital signages” are. When these systems are not evaluated on security aspect, it makes them susceptible to such external threats/hacks. Supposedly the system (at Delhi metro) got hacked through a WIFI that is locally controlled. This sort of interference with the system will not be possible if the application is cloud-based and centrally controlled/monitored on a SAAS basis.
Vulnerability of some of Digital Signage Platforms
In simple terms, the standard architecture of a digital signage platform involves cloud-based centralized management software sending digital media files and play out instructions to remote media players. While some vendors employ a managed, Software as a Service (SaaS) architecture, others require their software installation on premise. Likewise, some companies use appliance-based systems, while others employ PC-based digital media devices. These architectural differences have an impact on the security questions required for a digital signage implementation:
1. Does your organization have the physical security necessary to prevent intrusion for an on-premise installation? What about the host site?
2. What is the media player-server communication protocol? Does it support encrypted transport of content data?
3. What is the operating system on the centralized server…On the media players?
4. Is the management software web-based on client-side? How does the software manage user access?
Knowing your digital signage platform specifications will help answer these questions. Whichever architecture you choose, the core security considerations of any digital signage implementation should include:
Physical security is frequently the most overlooked element in a security plan. Institutions spend millions on firewalls and intrusion detection systems, but often fail to implement physical safeguards to prevent unwanted access or information technology assets from simply being uprooted and carried out the door.
Assuming the physical security of the facilities managing the servers and locations housing the media players are sound, the next security item to consider is device-level security. This component is as critical
as any other, as there is a potential to have hundreds if not thousands of devices involved in a network. Selecting a device that does not have airtight security puts your network at risk for theft, malicious attacks that may degrade your network, or even worse, allow a hacker to upload inappropriate content.
To determine the security of a media player device, consider the following aspects:
- Local Accessibility
• BIOS or Boot-ROM Accessibility
• Operating System
Network security is paramount to having a healthy and well-performing digital signage network and includes firewalls and VPN considerations as well as the media player server communications protocol implemented by the vendor.
First and foremost, secure media player architecture should connect out, not in. What this means is that your media players can be reached by inbound signals – neither yours nor those from potential hackers. Having this protocol style means you have only one potential hack site to watch the centralized enterprise server installed on a cloud.
The user interface software of digital signage platforms is either web-based systems that leverage a browser to access and execute logic over the network on the cloud or client-side software where the logic and executions are conducted locally. Although it is unlikely a local virus would be smart enough to perform damage to a web-based cloud application, both web-based and client-side approaches inherit the security risks associated with viruses and spyware that can attack a local machine. Antispyware and virus protection systems, therefore, are a must at the local level.
Lastly, having operational protocols in place will go a long way to ensuring sound security for your digital signage network. Even though you have the physical, technical and networking security solutions in place, most security breaches occur simply because users share their passwords with co-workers, old passwords are not deactivated, or vendors don’t maintain compliance with the latest software upgrades.
Network operators must consider employees and vendor’s employees as part of the security fabric. Many attacks come from what is known as social engineering rather than technical engineering. Ensure that vendors are verifying the identity of those who are requesting changes to be made to operational software and systems. Passwords, access codes, media and software should never be made available without verification of identity.