Security with IoT devices and digital signage

A lock securing a blue window as Screenly secures your digital signage.

Security with IoT devices and digital signage

The Internet of Things (IoT) refers to the growing network of physical devices that can now transfer data to and from the internet. The McKinsey Global Institute estimates that IoT technology will impact the world economy by US $3.9 trillion to US $11.1 trillion annually by 2025. Popular consumer products such as Nest home management systems , Roomba vacuum robots, and self-driving cars are each part of the Internet of Things, and businesses are now in fierce competition to create the next IoT innovation.

However, despite the popularity of IoT products, the IoT industry does not come without its fair share of problems. The most pressing of these problems is arguably the lack of robust security features with many IoT devices. In this article, we list several reasons why the state of security in IoT is a problem, and we detail what we are doing at Screenly to secure our own IoT devices.

Why is security important for IoT devices?

One of the key value-propositions of IoT technology is that it allows consumers to connect and interact with physical devices. This value-proposition is important because it enables the benefits of the internet to transcend the computer monitor. Instead of only interacting visually with a web page, consumers can now interact with real devices in their physical environments.

For example, IoT technology enables users to turn on their air conditioning system as they drive home and arrive at an optimally cooled or heated living room. One can find more consequential examples in medical IoT technology, where patients use IoT glucose monitors to report their blood sugar levels to their doctor in real time.

IoT’s benefit of connecting physical devices also produces one of the technology’s most significant risks. Much like hackers can access and compromise your PC, hackers can also access and compromise your IoT devices. It is likely not a huge deal if a hacker manages to access your thermostat and mess with your home’s temperature. However, if a hacker accesses your glucose monitor and reports incorrect medical data to your doctor, IoT vulnerabilities can lead to adverse impacts on your healthcare.

What factors contribute to poor security in the IoT market?

A recent KPMG report, “Risk or reward: What lurks within your IoT” notes several startling figures regarding IoT security and its expected impact in coming years:

  • According to Gartner Inc., the IoT industry is expected to have 20.4 billion connected devices by 2020.
  • In IDC’s Worldwide Security Predictions report, experts predict that by 2020 over 25 percent of enterprise hacking will target IoT devices.
  • As detailed in AT&T’s Cybersecurity Insights Report, only 10% of companies implementing IoT devices “feel confident” that the devices are secure from hackers.

There are several factors in the IoT industry that contribute to these alarming figures. One factor is that the IoT industry is relatively immature. At this stage, companies are fiercely competing with each other in order to release new products and gain marketshare. To be first-to-market, companies often prioritize speed, ease-of-use, and visual design over device security. As a result, security in IoT hardware and software is usually just an afterthought. Companies then ship IoT devices with significant vulnerabilities that can be exploited by amateur and experienced hackers alike.

A second factor that contributes to the poor state of IoT security is a general lack of awareness of security best-practices among everyday consumers. Standard security best practices, such as keeping software up to date and resetting default passwords, are often ignored by IoT consumers. One can attribute these bad habits to a lack of consumer education regarding IoT security risks. Ideally, IoT device manufacturers should produce plug-and-play solutions that do not require customer intervention to remain secure.

Lastly, IoT security is also negatively impacted by the limited computing power of many IoT devices. These devices often have a small form factor, and they do not have a surplus of processing resources. Accordingly, many IoT devices do not have computing resources to allocate towards background security processes. These IoT devices are then left exposed to attack vectors that a company could otherwise secure if the devices had more processing power.

The importance of IoT security with digital signage

At Screenly, we build digital signage solutions. To operate a digital sign, one needs a digital signage player. A digital signage player is a physical piece of hardware that renders content to a display screen, and it is an IoT device itself. The device can connect to the internet to source content from cloud-based content management systems.

Accordingly, digital signage players are vulnerable to IoT hacks, and digital signage companies must take precautions to keep their devices secure. When digital signage players are not secure, hackers can force the screens to display embarrassing content or use the devices as a backdoor to access private servers. Take a look at some of the most noteworthy digital signage hacks.

Our digital signage player is called the Screenly Player, and we have taken several steps to keep the Screenly Player secure. Our engineering team regularly updates the software powering the Screenly Player in order to reduce security vulnerabilities. Screenly Players then automatically upgrade to the latest software version. These automatic updates are essential, as they prevent a scenario where a digital signage player sits on the shelf for years and remains vulnerable to known attack vectors.

Secondly, the Screenly Player runs on Canonical’s secure Ubuntu Core operating system. Ubuntu Core is a lightweight version of Linux-based Ubuntu. Canonical recently released Ubuntu Core 18, and the operating system maintains security by using “immutable, digitally signed snaps [to] ensure that devices built with Ubuntu Core are resistant to corruption or tampering.”

How to get started with secure digital signage

To get started with secure digital signage, you can purchase our Screenly Player via our Screenly Box 0 product. The Screenly Box 0 comes with one Screenly Player, a universal power cord, and an HDMI cable. To manage the content that your Screenly Player displays, you will need a subscription to Screenly’s digital signage software. You can learn more about Screenly on our tour page.