Digital signage is highly eye-catching and the face of a business in much the same way as a spokesperson or social media feeds. It makes an attractive target as sports brand Asics found out recently. Above their Central Auckland store in New Zealand, promotional screens facing a busy street displayed graphic adult video for hours.
Asics issued an apology, adding that they worked with their software and online security suppliers to ensure that it didn’t happen again.
This is not the only incident where digital signage is in a compromising situation, and it can cause a PR disaster for a company. For instance, the coverage of the Asics incident ran on news outlets worldwide, including Vice, Daily Mail, CNN, and more.
Why is it that more people are not asking about what it takes to secure digital signage devices? Even a short amount of unauthorized content can cause a major headache when thousands of people view the screens.
If you don’t want to make the news for a similar incident, you need to ask your provider about security. Controlling access to your system involves various aspects, such as physical access, OS maintenance, and application security. All of these are important for a hacker-resistant system.
What are the Threats?
Many people don’t think about security until something bad happens, and by then, it is often too late. It is important to think about security from the very start.
Interconnected systems that aren’t locked down are vulnerable. Professionals can use a system for advertising specials on a screen for a full security breach because systems share network access and data.
Like the Asics breach, most stories consist of intended programming replaced with graphic videos or malicious messages. Sophisticated hackers can use digital signage players to do more serious damage to a company. For instance, a casino in North America got hacked when attackers used an internet-connected fish tank as the starting point. It could just as well have been a digital signage player.
Using the word ‘hack’ may be an over-exaggeration when you and other key persons can access displays through public Wi-Fi or Bluetooth. Bluetooth was a popular attack vector in the past.
As most screens are in public areas, it doesn’t take a sophisticated hacker to change the content on your screens. Someone can walk up, unplug your player and plug in their own. Therefore, your first step towards making your system secure is to restrict physical access to network devices.
All public players should be kept out of sight, if possible, and in locked, break-proof enclosures. So, all screens must be securely attached to walls with attachments that are difficult to remove.
Last but not least, you must secure all PC ports and connections and the BIOS password-protected to prevent boot order from being changed.
Operating System Security
Without physical access to the screen, a hacker has to find a virtual backdoor to get into your system. Ask your digital signage vendor the following questions to find out if its solution offers operating system security.
- Does the operating system receive security updates?
- Can devices receive updates automatically?
- Are updates cryptographically signed and automatically rejected if the update doesn’t match the cryptographic signature?
- Have the devices locked down? When there are no open network ports, this reduces the attack surface of players as open ports are easy to exploit.
- Are there default credentials on the devices? Vendors may program user accounts to make it easier to troubleshoot, making it easier for breaches to occur.
- Is all communication with encryption? Encrypting all communication between the client and the back-end makes it more challenging for an attacker to hijack the device.
Your digital signage application manages playback and reporting and adds another layer that you must secure. It is easy for hackers to intercept data if it’s not under high security. Even if you have restricted access to your digital signage network and taken measures to protect your operating system from attack, your network may still be at risk due to third-party applications.
This is why you need to select partners with the highest standards of security. For instance, they should use their own layer of encryption to all data, undergo regular security tests and audits, have SSL certificates, and more.
Kuusoft’s NexSigns have all data communications encrypted with a 1024-bit AES algorithm to ensure privacy and communication security. This is an advanced level of encryption, such as that used in banking.
Other Ways to Improve Security
Conduct a security audit and look at processes and protections in place. Ensure that you apply best practices. This includes improving passwords, using layers of user authentication, testing networks for vulnerabilities, etc.
Make sure you patch the devices as soon as a vulnerability is announced. Sophisticated hackers will often exploit vulnerabilities and trade their exploits on hacker forums. For example, running a digital signage player connected to the internet with 4G that hasn’t been patched with the latest security updates puts you at risk.
Consider technology safeguards such as single-purpose appliance-like devices, virtual private networks (VPNs) with encrypted communications, and systems that can detect intrusions. If your digital signage players are in isolation on a dedicated network, it means that the rest of your infrastructure isn’t a threat.
A Final Word
Any devices connected over a network are at risk of a breach. It includes a simple digital signage screen that may be telling shoppers what’s on sale. So, you cannot ignore security until it is too late and some damage occurs.
Security solutions aren’t always simple, and as with anything else, you get what you pay for. But, taking shortcuts can lead to big headaches in the long run. Consider the physical setup of screens and players. Protect your operating system and work with application vendors who take security seriously. These three steps will help you to secure your network effectively.