When it comes to digital signage we feel even more vulnerable than usual because digital signage screens are often public facing in areas with heavy foot traffic. We know what can happen when digital signage systems get hacked and screens show undesirable content. We can learn to protect our system by identifying important vulnerabilities.
So what does security mean when it comes to digital signage?
Most signage systems are divided into two deployment types: SaaS or an On-Premise server. SaaS deployments run on a cloud or a remote data center. On-Premise server deployment is a system installation via private cloud, company server room or a virtual environment. Both deployments can be vulnerable to hackers. If the server is on-prem you do have better control and a more secure environment, but it is still not bulletproof.
If we want to discuss the vulnerabilities of digital signage networks, we first need to break down a signage solution into its components and analyze the vulnerabilities and security issues of each. We have 3 main components to a digital signage solution: Server / Cloud Server with signage software, Players, and Users.
The Server component is complex because it is exposed to a large number of cyber security attacks - too many to list here. The digital signage server holds all of the data and media files used by your signage network. Digital signage software runs on top of an operating system and usually uses open source dependencies. The operating system is our first vulnerability. Most operating systems have relaxed permissions by default. It is up to the operating system provider to make sure security is up to date and properly patched at all times. Most software companies use some kind of open source dependencies that can expose a vulnerability in the installation package itself. Scanning and updating the server software should bring these packages up to date. It is an ongoing process to maintain your server operating system and all of its third party components, which are open source in many cases.
Securing an operating system needs to be done mostly by IT staff and tested with a scanner regularly.
Elaborating on the vulnerabilities of various operating systems is beyond the scope of this article because there are different operating systems and too many vulnerabilities in each one to list. But the rule of thumb is that you need to keep maintaining the security updates on your server operating system in order to stop potential security breaches.
On top of the server operating system and third party components you have the actual signage software. This software is under manufacturer control and is usually patched whenever there is a security vulnerability found. However, you need to make sure you are on the latest software version in order to benefit from ongoing security patches.
To hack the digital signage server, the hacker will need to get access to the server using a backdoor vulnerability. These back doors are usually open ports or bad code. They act like windows and doors that hackers can exploit to get access to and control of the server.
Digital signage servers need to be configured to close all non essential ports and services as well as be placed behind firewalls.
Digital signage software companies need to step up their security protocols and make it harder for hackers to take control of digital signage displays even if hackers succeed in getting access to the server through a backdoor. This can be done by securing the process and checksum of media files and content that control the digital signage displays. There are different methods to do that, such as using encryption and a multi-checking workflow for media files before instructing players to play content. This way, even if hackers take over a digital signage server, they will still not be able to change what is displayed on digital signage screens. System administrators can always restore the compromised server using an image or backup with minimum downtime.
Players can be running different types of operating systems - all with their individual vulnerabilities. Patching and updating these players regularly is the first line of defense. The second line of defense is locking these players down against any incoming external communication from any source. Player software should send requests to the internet or the signage server, but no traffic should be incoming through listening ports. This can be done using firewall software on the player, closing all the ports, VPN and other methods. Securing players is key because you have many of them spread across multiple networks and running different operating systems, which makes them more vulnerable to hackers.
SMART TV and System on Chip (SOC) players are the new trend in digital signage where the operating system is lighter and more secure. But even on these devices you need to make sure to disable Wi-Fi if it’s not in use. In addition, disabling USB ports is a good idea so no one can tamper with them. The digital signage software on the players is the third line of defense, where the software itself needs to use an internal checksum of the media files and playlists in order to authenticate their source validity before playing them.
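The checksum idea described for both the server workflow and the player software can be sketched as follows. This is an added example, not any vendor's implementation: the playlist lists a SHA-256 checksum for each media file, and the playlist itself carries an HMAC so that someone who controls the server cannot simply rewrite the checksums. It assumes the HMAC key lives only on the publishing workstation and the players, never on the signage server; the key, file names and file contents are constructed.

```python
import hashlib
import hmac
import json

# Hypothetical key, provisioned to players and the publishing step only.
KEY = b"constructed-demo-key-not-for-production"
# Constructed media store standing in for files downloaded to a player.
MEDIA = {"promo.mp4": b"constructed promo bytes",
         "menu.png": b"constructed menu bytes"}

def _canonical(playlist):
    """Stable byte encoding, so signer and verifier MAC identical bytes."""
    return json.dumps(playlist, sort_keys=True, separators=(",", ":")).encode()

def build_playlist(media):
    """Publisher side: record the SHA-256 checksum of every media file."""
    return {"items": [{"name": name, "sha256": hashlib.sha256(data).hexdigest()}
                      for name, data in media.items()]}

def sign_manifest(playlist, key):
    """Publisher side: bind the whole playlist to the key with HMAC-SHA256."""
    mac = hmac.new(key, _canonical(playlist), hashlib.sha256).hexdigest()
    return {"playlist": playlist, "mac": mac}

def verify_and_select(envelope, media, key):
    """Player side: reject a forged playlist, then skip any file whose
    bytes do not match the checksum the playlist recorded for it."""
    expected = hmac.new(key, _canonical(envelope["playlist"]),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(envelope.get("mac", ""))):
        raise ValueError("playlist MAC mismatch: refusing to play")
    playable = []
    for item in envelope["playlist"]["items"]:
        data = media.get(item["name"])
        if data is not None and hmac.compare_digest(
                hashlib.sha256(data).hexdigest(), item["sha256"]):
            playable.append(item["name"])
    return playable

if __name__ == "__main__":
    envelope = sign_manifest(build_playlist(MEDIA), KEY)
    print(verify_and_select(envelope, MEDIA, KEY))
```

A swapped media file is dropped from the play list, while a playlist whose checksums were rewritten to match the swapped file fails the MAC check and nothing from it is played.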
The third and most common vulnerability is the users. It is much easier for hackers to exploit user credentials than to hack a server or player environment. Users usually account for most of the security issues and create an opportunity for hackers to get access to their accounts using weak passwords, phishing attacks, and malware. User security starts with educating users and urging them to follow security protocols to prevent a security breach. Nevertheless, the software and servers need to be up to security standards such as SSL, strong passwords, multi-factor authentication, account lock after a number of failed log-in attempts, log-in notifications and more.
It’s fair to say that the security of digital signage servers is an ongoing process. Digital signage is growing rapidly. But with accelerated growth we see an increased number of attempts to exploit these systems. A positive trend we are seeing is that companies are not only taking security seriously in public facing digital signage applications but internally as well.