Nuisance hackers who swap questionable movie clips for ads on screens are problems, but the people paid to worry about digital signage security are far more concerned about tampering that could cripple businesses, invade privacy and endanger lives.
Any device connected over a network is at risk of being attacked, breached and corrupted — and that includes digital signage screens that may be in place for jobs as simple as telling shoppers what’s on sale. Risks have been elevated lately because of the Internet of Things (IoT), with its billions of connected devices and general drive to have networked systems “talking” to each other.
Here’s why that matters in the context of digital signage security, and what operators should think about.
In past years, larger organizations often isolated digital signage networks with separate internet connections so they didn’t affect corporate bandwidth availability, and often because IT had more important systems to worry about and manage.
These days, content and scheduling on sophisticated digital signage networks — used by everyone from fast food operators and retailers to airports and banks — is informed, shaped and triggered by data from other systems. For example, when a quick service restaurant (QSR) inventory management system runs low on turkey burger patties, the system controlling the digital menuboard displays reacts to a “rule” in scheduling and automatically removes that item from the menu — preventing diners from being frustrated at the order counter.
Interconnected systems that aren’t fully locked down against humans and bots are vulnerable, and a PC just there to put burger specials on a screen can be the side-door into a full-on security breach because systems are sharing network access and some data.
While most stories about advertising billboards and in-store screens having their media players breached consist of the intended programming being replaced with graphic videos or other malicious messages, what happens if sophisticated hackers use digital signage players to worm their way into the finance systems of a company? Maybe a hacker starts changing prices on menus to free, or flashes false emergency messages on screens in busy rail and airport hubs, causing chaos.
The point of vulnerability for digital signage security — just like at the office and at home — is the computer. Some of the worst IT breaches to date have been the cause of weak or obvious passwords, or out-of-date operating software. Computers can be optimized and “hardened” against hackers, but that takes experience and insight, custom development and a tight adherence to the same security policies and practices mid-sized to large companies use for their mission-critical systems.
Special purpose devices are one way much of the risk can be minimized. For example, the majority of Samsung’s commercial digital signage displays ship with built-in System-on-Chip media players. The latest generation of the Samsung Smart Signage Platform (SSSP) runs Samsung’s own IoT-centric Tizen operating system, which has high-level security designed in. Smart Signage Platform displays now meet the international Common Criteria for computer security certification, and moving forward, SSSP displays that use Samsung’s Tizen OS will share the military-grade security code used by smartphones.
Samsung’s Phillip Chan, a senior business development manager focused on SSSP, says built-in software steadily watches the smart signage display’s hardware and operating system, and is programmed to disable anything out of the norm. Perhaps the greater counter-measure against hackers is that these “smart” displays are single-purpose devices built to run a single app. It would be hugely complicated to get a malicious third-party app written and installed on the SSSP, says Chan, and even then, it wouldn’t run.
A breach of digital signage security could be a huge cost for a network operator, and is one of many less obvious considerations in planning.
Enhancing Digital Signage Security
A good first step for any organization is to conduct a security audit that looks at what a network is using and the processes and protections in place. There are technology safeguards — such as single-purpose appliance-like devices like Samsung’s SSSP and dedicated media players, as well as intrusion detection systems and virtual private networks (VPNs) that encrypt communications.
There’s also a set of best practices that can be applied — from improving passwords and multiple layers of user authentication, to testing networks for vulnerabilities and specifically tasking someone within the organization with security concerns and processes.
Ultimately, there’s the security bottom line: Treat digital screens with the same level of concern and protection as mission-critical systems.
Digital signage can provide a new level of customer interaction and engagement for your enterprise.