Protection Against Hacked Software and Malware
One of the main points of attack for criminally motivated attacks is software. In a digital signage installation, the media player, as the mostly poorly protected device, becomes the focus of attention. With Android and Windows, two proven operating systems are available for media players. Yet every new version bears the risk of bugs and gaps. These can occur even with the best documentation and cleanest code.
Check Operating System Updates and Use Them with a Delay
New operating system versions should be thoroughly tested by the hardware supplier before they are installed in the large number of mini-PCs that are usually part of a digital signage installation. As experience has shown, it might be better to wait for one or the other security update or even to skip a first software release, as old OS versions are more reliable and stable.
User Access Only for Selected Applications
At the application level, highly restricted user rights are recommended. Only absolutely necessary applications should be able to run and gain access to the system. These exceptions include the app that enables access to the server-based content management system for the signage content. This restriction brings important security advantages: less room for hackers to attack and fewer opportunities to make accidental misconfigurations.
Targeted Use of Antivirus Software and Firewalls
Anti-virus and anti-spyware should be installed on the media players. And they should of course update themselves so that cyber criminals get as few entry points as possible. Hackers who “sniff” for open ports via the Internet should be prevented from gaining virtual computer access by means of sharply configured firewalls.
Quickly Correct System Errors with Master Images
And what if the system does become faulty and there is a suspicion that hackers were at work? Digital signage network operators investigate such suspicions with the help of device management software. The systems show whether the software is running on the players and whether the content is being played. If the content does not land on the displays, an attack could be the cause.
In this case, the administrators remotely set up the player again by completely overwriting the existing installation with a functioning master image. Companies that have deposited the master image on the SSD in a hidden partition can restore their configuration and digital signage operation with comparatively little effort: The image is simply copied from the hidden partition or from the local edge server to the active partition of the SSD. Long downtimes are avoided.
Displays with Integrated Players are More Vulnerable
The security options mentioned so far assume that the media player in use is fully controllable. This applies to signage systems with separate players. In the case of displays with integrated players – also called “System on a Chip (SoC)” – this is not the same: if one of these SoC players is hacked, then at the very same moment every display worldwide using this SoC is a gateway for hackers. For this reason, we currently advise our customers to avoid using displays with SoC players for professional digital signage installations.