Digital signage is highly visible and the face of a business in much the same way as a spokesperson or social media feeds. It makes an attractive target as sports brand Asics found out recently. Promotional screens above their Central Auckland store in New Zealand facing a busy street displayed graphic adult video for hours.
Asics issued an apology, adding that they were working with their software and online security suppliers to ensure that it didn’t happen again.
This is not the only incident where digital signage has been compromised and it can cause a PR disaster for a company. Coverage of the Asic incident ran on news outlets across the world, include Vice, Daily Mail, CNN and more.
Why is it that more people are not asking about what it takes to secure digital signage devices? Even a short amount of unauthorized content can cause a major headache when thousands of people view the screens.
If you don’t want to make the news for a similar incident, you need to ask your provider about security. Controlling access to your system involves various aspects, such as physical access, OS maintenance and application security. All of these are important for a hacker-resistant system.
What are the Threats?
Many people don’t think about security until something bad happens and by then, it is often too late. It is important to think about security from the very start.
Interconnected systems that aren’t locked down are vulnerable. A system used to advertise specials on a screen can be used for a full security breach because systems share network access and data.
Most stories, like the Asic breach, consist of intended programming being replaced with graphic videos or malicious messages. Sophisticated hackers can use digital signage players to do more serious damage to a company. For instance, a casino in North America got hacked when attackers used an internet-connected fish tank as the starting point. It could just as well have been a digital signage player.
Using the word ‘hack’ may be an over-exaggeration when displays can be accessed through public Wi-Fi or Bluetooth. Bluetooth has been used as an attack vector in the past.
As most screens are in public areas, it doesn’t take a sophisticated hacker to change the content on your screens. Someone can walk up, unplug your player and plug in their own. Your first step towards making your system secure is to restrict physical access to network devices.
All public players should be kept out of sight, if possible, and in locked, break-proof enclosures. All screens must be securely attached to walls with attachments that are difficult to remove.
All PC ports and connections must be secured and the BIOS password-protected to prevent boot order from being changed.
Operating System Security
Without physical access to the screen, a hacker has to find a virtual backdoor to get into your system. Ask your digital signage vendor the following questions to find out if its solution offers operating system security.
- Does the operating system receive security updates?
- Are devices receiving updates automatically?
- Are updates cryptographically signed and automatically rejected if the update doesn’t match the cryptographic signature?
- Are the devices locked down? When there are no open network ports, this reduces the attack surface of players as open ports are easy to exploit.
- Are there default credentials on the devices? Vendors may program user accounts to make it easier to troubleshoot, but it also makes it easier for breaches to take place.
- Is all communication encrypted? Encrypting all communication between the client and the back-end makes it more challenging for an attacker to hijack the device.
Your digital signage application manages playback and reporting and adds another layer that must be secured. It is easy for hackers to intercept data if it’s not secured. Even if you have restricted access to your digital signage network and taken measures to protect your operating system from attack, your network may still be at risk due to third party applications.
This is why you need to select partners with the highest standards of security. For instance, they should use their own layer of encryption to all data, undergo regular security tests and audits, have SSL certificates and more.
Kuusoft’s NexSigns have all data communications encrypted with a 1024-bit AES algorithm to ensure privacy and communication security. This is an advanced level of encryption, such as that used in banking.
Other Ways to Improve Security
Conduct a security audit and look at processes and protections in place. Make sure that you apply best practices including improving passwords, using layers of user authentication, testing networks for vulnerabilities, etc.
Make sure you patch the devices as soon as vulnerability is announced. Sophisticated hackers will often exploit vulnerabilities and trade their exploits on hacker forums. Running a digital signage player connected to the internet with 4G that hasn’t been patched with the latest security updates puts you at risk.
Consider technology safeguards such as single-purpose appliance-like devices, virtual private networks (VPNs) where communications are encrypted and systems that can detect intrusions. If your digital signage players are isolated on a dedicated network, it means that the rest of your infrastructure isn’t at threat.
A Final Word
Any devices connected over a network are at risk of a breach. It includes a simple digital signage screen that may be telling shoppers what’s on sale. You cannot ignore security until it is too late and some damage occurs.
Security solutions aren’t always simple, and as with anything else, you get what you pay for. But, taking shortcuts can lead to big headaches in the long run. Consider the physical setup of screens and players. Protect your operating system and work with application vendors who take security seriously. These three steps will help you to effectively secure your network.