Public displays are the ideal method to communicate one person’s message to a large group of others. The scope of these systems has grown from text to images and, now, dynamic video in public spaces in all major cities. The content is usually purchased and scheduled to support clear communication of desired information to the community. By connecting displays to cloud-based networks, these systems’ utility—and their access to content—has increased dramatically. And, there’s now the ability to collect analytics and run applications.
However, a concern looms. Are these connected public displays potentially unsecure? Can the information on the display come from someone other than a trusted source? Can someone hack into the display to create mischievous, or potentially dangerous, results? The simple answer to all of those questions is “yes.” The danger is real. We all must be extremely aware of how to protect our display systems and assets from such attacks.
A quick search of pages on the web confirms the point.
- “Here Are the Tools to Hack into Your City’s Public Advertising”
- “How to Hack Screens in Times Square”
- “Commandeering Public Display Screens”
The motivation for public attacks is most often just the novelty of it, or the challenge. However, the result can be both disruptive and damaging to viewers, as well as owners/operators, in these public locations. This threat will continue. Hackers will continue to succeed in disrupting service to systems not configured to assure the necessary privacy and protection.
A review of some examples of vulnerabilities might give insight into the steps that must be taken to assure the security and protection of these important assets.
Most public spaces offer free Wi-Fi that is not secure. Sadly, whether these networks are secure or not, there are methods to get into them very quickly, unless careful precautions have been taken. Realize that an IP address will be assigned upon connection. A user can then disconnect from Wi-Fi and scan from the internet for open ports at that IP. Then, from that information, it is possible to determine the configurations of the provider. For example, they might be serving a web-based login over an unsecured open port (e.g., port 80 (HTTP)). That interface can then show the manufacturer’s name. From that web interface, it is possible to search for other basic vulnerabilities, such as SQL injection, default or weak login credentials, or authentication bypass flaws.
By knowing the exact device (through analysis), the right version of firmware can be eventually identified and downloaded to “copy” the device. Firmware usually uses XOR-based encryption that is difficult, but not impossible, to bypass. Then, it’s a matter of unpacking and loading everything into an emulator and accessing the Common Gateway Interface (CGI) scripts that make up the router’s interface. Then, the system is open to identify vulnerabilities (e.g., buffer overflow that handles the logout process). By sending the system the information to exploit that vulnerability, a hacker could take full control of the device.
Recent Media Player Hack
Hackers have been able to control many popular online media players through infected media/subtitle files. By adding malicious code, an attacker, once the subtitle is downloaded by the player, can take complete control of a device. In a recent incident, the malicious subtitle file took advantage of platform-specific media player vulnerabilities. These trojans, once running on the infected media player, connect back to the hacker’s server; this allows the hacker to control and modify content remotely. This most recent vulnerability was reported, and most popular media player vendors have taken action to rectify it. More information is available at the following link: blog.checkpoint.com/2017/05/23/hacked-in-translation.
So, what is a client to do when it comes to securing a public digital display?
Here are 10 steps to take when system security is important to your display network.
- Scan for open ports vulnerabilities, using a tool such as Nmap and OWASP. Item by item, lock down your system wherever vulnerabilities are identified.
- Scan for web server vulnerabilities, using scanner tools. Lock down the server configurations. Hide information about the server and its versioning.
- Scan for framework-level vulnerabilities, using penetration testing and exploitation. Make sure all the security patches are current. Do not use frameworks that are weak on security.
- Using a password-cracking tool, check for password-related deficiencies. Follow strict password-protection methods. Passwords are still a top deficiency.
- Make your Wi-Fi connection secure with strong keys. The systems will guide you to strength.
- Keep the operating system up to date. Install all security patches in a timely manner.
- Disable external interfaces that could allow anyone to access the system physically. Often, physical security is overlooked, but it’s especially critical in a public space.
- Remove unnecessary accounts and nonessential access to the system. Restrict information to a select few with admin privileges.
- Restrict third-party applications to run in a sandbox (restrictive mode). Don’t give them super-user privileges.
- Unique hardware and software architecture that’s focused, from the ground up, on maintaining security can also be used to better protect the platform.
Those tips comprise an important checklist for your public display system and connected support. Take the time to review those basic steps with your IT and engineering staff. A little prevention now will discourage hackers and avoid disruption of services in the future.
Connected systems are a great new asset to the digital display business. The security of those systems goes hand in hand with their rollout.