Secure Digital Signage

Screenly digital signage is secure.

Why is security in digital signage important? After all, a digital sign is just a device that displays some images and a few videos in a lobby or storefront, right?

Let’s start with the obvious reason: your reputation. As outlined in our guest post “Why Are We Not Talking About Digital Signage Security?” on the industry blog RavePubs, digital signage screens get hacked all the time, and for good reason. Digital signage screens are most naturally located in areas with high foot-traffic. Therefore, a digital sign makes for the perfect target if you want to either deface a business or just do some hacking “for the lulz” (i.e. for fun, as it’s called in some of the darker corners of the internet). Having to explain to your boss why there is pornography or ransom ware notices showing on your screens is likely a conversation none of us would like to have.

The second reason is perhaps not as obvious: because your digital signage player is presumably connected to your network, an attacker could potentially gain access to other devices on your network by attacking the player. For instance, in 2018, a casino in North America got hacked by attackers using an internet-connected fish tank as the starting point for the attack. The internet-connected fish tank could just as well have been a digital signage player. Therefore, even if the digital signage player by itself is not a hacker’s target, the device can be used as a stepping stone to other more sensitive systems.

Now that we have explored the reason why security in digital signage players is important, let’s dive into what Screenly does to set itself apart from the competition. (Warning: this will get a bit technical.)

Secure Foundation

Screenly uses Ubuntu Core for its operating system. If you’re not familiar with Ubuntu, they are the makers of the most popular Linux distribution. Ubuntu Core is their latest and most secure operating system designed for IoT devices. Screenly was the first digital signage company to adopt this operating system, and Ubuntu Core now provides the foundation for Screenly’s software. As such, we start with a system that is built by some of the smartest security engineers on the planet.

Locked Down

Contrary to many other digital signage players, most notably many Windows-based players, Screenly is fully locked down. There are no open network ports. This dramatically reduces the attack surface of our players. Moreover, our processes are confined and isolated using state-of-the-art technologies, such as SELinux, seccomp and AppArmor. Even if a hacker was somehow able to break in, their access would be limited. You can read more about the details of this in the Ubuntu Core security whitepaper.

Automated Updates

While most people understand that they need to keep their devices up-to-date, there are a number of reasons they don’t. Keeping devices up to date is necessary for ensuring that your devices are secure against the latest vulnerabilities, and because of this necessity we have fully automated the software-update process. Every night (local time), our devices automatically download and apply the latest security and software updates. What’s more, since the update process is another possible vulnerability (e.g. an attacker could try to push a rogue update), all our updates are cryptographically signed and automatically rejected if the update doesn’t match the cryptographic signature. The updates are also “transactional,” which means that if the update fails at 95%, the device will automatically roll back to the previous “known good state” until the next update is attempted.

Some digital signage companies believe that simply isolating your digital signage infrastructure on a dedicated VLAN, where it is isolated from the world, is sufficient. By doing so, they claim, you don’t need to worry about updates and maintenance. Security professionals tend to disagree. All it takes is one misconfigured switch, and your unpatched digital signage player is now exposed to a potentially hostile network, and ready to be compromised. This is why we at Screenly design our players to assume that they are in a hostile environment, and we protect them accordingly (this is often referred to as zero trust networking). This practice makes for much better security. You’re still welcome to put the players in a secure VLAN as an extra layer of security, of course.

Encrypt All Communication

For most people in the tech industry, this is obvious. However, among many digital signage providers, this isn’t the case. To this day, you can see the presence of plain text communication (such as ancient protocols, like FTP). Using technologies like FTP leaves the players vulnerable for Man-in-the-Middle (MiTM) attacks, where an attacker could replace, say, an image with either an attack payload or even compromising content. At Screenly, we apply industry best-practices and encrypt all traffic between our back-end and our devices. As a result, no one can listen in on the communication, and moreover, we simply reject the connection from the client to the back-end if someone tries to tamper with the communication.

Best practices still apply!

Even if we do our best to secure our players, we still encourage our customers to apply best practices on their networking side. Whenever possible, we recommend that you isolate the digital signage devices on a dedicated VLAN, so the devices can only talk to the internet and not to the rest of your infrastructure.

Please note that this page does not apply to Screenly OSE.