If you are looking to either blackmail or embarrass a company, digital signage is a great tool to help you achieve your goal. Digital signs are always-on screens in locations with high visibility, and accordingly, they make for a great target. We have seen countless examples over the years where an attacker gains control of a high-profile screen, including screens in airports and store fronts. Even if the screens themselves are not the target, bad actors can use digital signage players as an attack vector to access other systems.
Here are some cyber security facts at a glance
- The analyst firm Gartner estimates that more than 25% of identified attacks in enterprises involve IoT.
- According to IBM, the global average cost of a data breach is $3.86 million.
- FBI’s Internet Crime Complaint Center reported $3.5 Billion in victim losses in 2019.
Needless to say, nobody wants to walk into the office in the morning and have to explain a digital signage hack to the boss. Even worse, imagine having to explain why the digital signage system you selected allowed the attackers to launch the ransomware attack that is holding your company’s data hostage. This is why banks, hospitals, and companies with a high bar for security trust Screenly.
How is Screenly different when it comes to security?
Security is part of Screenly’s DNA. Screenly’s founders have worked in the cybersecurity industry. Since the company’s founding, security has been a top priority and is much more than a marketing buzzword.
What does a focus on security actually mean?
If you are not an engineer, you might find the remainder of the page to be gibberish. However, if you are an engineer, this page should help provide some technical details on how we keep your digital signs secure.
The security of our digital signage player
Let us start with the digital signage player, which is a common attack vector. To ensure that we are on the forefront of hardware security, we partnered with Canonical (the makers of Ubuntu) to build the most secure digital signage player possible. Below is a brief overview of some of the technologies we use to make sure that your digital signage player does not get compromised:
- Process isolation. We have adopted the latest Linux Kernel technologies for process isolation. This includes technologies such as namespaces, cgroups, AppArmor, and Seccomp. The purpose of process isolation is that in the rare case that someone were to compromise a component of the digital signage player, they cannot move laterally. This very different than many of our competitors, where the runtime user can execute any system command (even using
sudo) and even install system tools (like
metasploit) to help in the attack. If you’re an attacker and run across this, you’ve hit the jackpot.
- Transactional and cryptographically signed updates. An advanced yet common attack vector for IoT devices is to inject rogue updates that include backdoors or access pathways. To mitigate this risk, we use cryptographically signed updates. This process means that unless the cryptographic signature of the update checks out, the device will reject the update.
- Full lockdown. Perhaps the most common attack vector for IoT devices is when hackers discover services remotely through port scans and similar methods. Bad actors frequently exploit those attack vectors using brute force attacks. With Screenly digital signage players, there are no open ports and, accordingly, no remotely accessible attack vector. This protection will become increasingly important as the world embraces IPv6. We assume that our digital signage players are publicly accessible, and so, we design our security model accordingly. This is in stark contrast to some of our competitors that ship their players not only with SSH enabled, but also with default credentials.
- No default credentials. Surprisingly, default credentials are still a thing that we still see in 2020. Screenly digital signage players do not use default credentials or have backdoors for “convenient access.”
- Automatic security updates. Nobody likes applying security updates, but updates are essential to keep your devices secure. Screenly digital signage players automatically apply security updates in the background without interfering with content playback. Operating system and software updates are transactional and cryptographically signed.
- Full encryption for all traffic. All communication between our digital signage players and our backend is fully encrypted. If an attacker tries to perform a Man-in-the-Middle (MiTM) attack, our player will reject the rogue traffic.
- Automatic security scans. We use automatic security audits on 3rd party dependencies to ensure that all dependencies are safe from vulnerabilities.
If the above section was not sufficiently detailed, you can dig into Ubuntu Core’s security in this whitepaper.
The security of our back-end and web interface
Moving on to the cloud component of our digital signage solution, we of course prioritize security on this front, too. Below, you can find out what we are doing to ensure our back-end remains secure:
- Process isolation. Much like in our digital signage player, we use Linux Kernel level process isolation in our back-end to limit the ability for an attacker to continue his or her attack.
- Automatic vulnerability scanning. We scan our runtime environment for vulnerabilities on an ongoing basis. This ongoing scanning is the case for both application dependencies and container vulnerabilities.
- Ephemeral infrastructure. We do not rely on long-running servers that may be compromised. Our servers live for at most 24 hours, and we then change out our servers automatically. When the new servers come online, they are already patched against any recently discovered vulnerabilities.
While securing the actual cloud environment is paramount for good security hygiene, we also need to ensure that our web interface is secure for our users. To do this, we have built a number of features to help our users keep their accounts protected. Some of these features include:
- Two factor authentication (2FA). Using two factor authentication is considered a good security practice by most security professionals. We currently support TOTP-based 2FA, and we are looking to add additional 2FA methods, such as hardware tokens, in the near future.
- Granular access control. Screenly allows users to define granular access to their accounts. Most security-conscious organizations have rules against sharing accounts with 3rd party systems. In Screenly’s interface, you can invite team members and set the desired level of access for each team member.
- Silo your screens using teams. If granular access control is not sufficient, you can take things a step further by creating multiple teams. Screens are part of team accounts, and each team has a defined set of members. You can set permission levels for each user, and admins can easily navigate across multiple teams.
We hope the above explanations help shed some light on the many ways that we keep your digital signs secure. Security is a core pillar of Screenly, and we continue adding security features each quarter. If you have any questions or security-related concerns, reach out to Screenly Support for additional details.