31.07.17

Q&A: Avoiding vulnerabilities in AV systems

Security CCTV camera or surveillance system in office building

Tim Kridel talks AV security with James Meredith, product experience manager at WyreStorm Technologies, covering wireless systems, IoT vulnerabilities and networking best practice.

TK: How can integrators ensure that wireless connections for signage, security and other AV devices don’t become back doors for hackers?


JM: Wi-Fi security technologies are common place and best practices long established but taking stock and regularly reviewing policies is key to staying ahead of the bad guys. Most hacks are possible due to ignorance rather than super geniuses brute-forcing their way in. So don’t leave devices on their default username and passwords, or use obvious values such as password123. It seems crazy but too many sites I attend have all the AV components with default logins.

Maintaining device firmware and software is critical to ensuring the latest security patches are present. This should form part of the service contract with the client as is another reason to justify the contract cost. If the Wi-Fi network is dedicated to the AV equipment then it is far easier to hide the network and isolate users and AV equipment. If this is not possible then it is important to separate guests and internal users to ensure only those who need to have access have it.

TK: What are some IoT vulnerabilities, such as for integrators that are expanding into building management and HVAC?


JM: IoT devices are everywhere and it is essential that the industry embraces the new market but are also wary of their security implications and the effect on the rest of the system. As above – isolating components onto separate parts of the LAN will create the most secure environment, and ensuring firmware and software are maintained and only granting WAN access to devices that truly need it will ensure that AV is not the next victim of an attack similar to last years Mirai attack on Dyn.

TK: What are some networking dos and don’ts, such as not trying to hang unmanaged switches on the client’s LAN?


JM: With the convergence of AV and IT the system design is no longer something that the AV team can do on their own. The bigger the installation the higher the number of people or teams need to be involved at every step of the process and sign off on the design. Keeping everyone informed is key to a successful install as it is not possible in large installs for any one individual to hold all of the knowledge about every piece of the design, network and device configuration. This will prevent silly mistakes taking down the system and increase everyone’s confidence in the system.

Read about potential security concerns for AV in Tim Kridel’s article 'Security holes and how to avoid a fall'.


Learn more from Audinate on top vulnerabilities in today’s AV systems in an article from the company’s Kieran Walsh: Shoring up security in enterprise AV

Tips for securing AV systems from Kramer