The weakest link

Could a hacker put pornography on your client’s digital signage? Tim Kridel investigates some recent AV security breaches and how to protect against them.

They’re the kind of security breaches that will put an integrator in the foetal position in the middle of the day: One February afternoon in Moscow, a man whom police described as “a highly educated, temporarily unemployed and extremely advanced Internet user” hacked into digital signage along a busy road to make it show a pornographic video, causing an elderly motorist to have a heart attack.
A few weeks earlier in another part of Moscow, police announced that for five months, their surveillance systems had been fed pre-recorded video – a trick right out of the “Ocean’s 11” films. The investigation is ongoing, but the initial finding is that the system was hacked by a rival integrator looking to undermine its competitor.
To avoid unwittingly enabling the next embarrassing AV hack, it helps to understand how vulnerabilities are created. Increasingly, those vulnerabilities are a by-product of AV’s ongoing migration away from closed systems and toward just another form of traffic running over an IP network. But in other cases, the back door can be as simple as coax run through a drop ceiling in a storage room.

Cutting the cord

Wireless is an increasingly common way to connect devices, such as a laptop to a projector in a conference room. One reason is that the latest versions – such as 802.11n Wi-Fi – are fast enough to support HD video. In other cases, the appeal is being able to piggyback signage or surveillance cameras on the client’s existing wireless local area network (WLAN) to eliminate the expense of building a dedicated AV network.
Some vendors say Wi-Fi is inherently more secure than fibre or copper because today’s versions have built-in authentication and encryption technologies such as WPA2.
“If they’re in place, it is almost impossible to break into those wireless networks,” says Dr. Amit Sinha, a fellow and chief technologist in Motorola’s enterprise WLAN business unit. “Ethernet does not have any encryption running on it by default.”
By authenticating each device before it’s allowed to connect, WPA2 also helps thwart “man-in-the-middle” attacks: overriding the signal from a surveillance camera or to a display and substituting it with fake or pornographic video.
“Wireless makes it particularly easy to do because you don’t have to cut cords or gain physical access to a networking closet,” Sinha says. “WPA2 provides a critical element of security: integrity protection, whereby it’s virtually impossible for someone to become a man in the middle.”
Even so, Wi-Fi has a few vulnerabilities. One is jamming the system, such as to cause video to freeze or pixelate. Another is when an unauthorised or “rogue” AP (access point) is connected to the wired LAN, creating a back door to the WLAN and any AV device that’s on it.
A wireless intrusion-detection system can mitigate those problems by constantly monitoring for them and alerting, say, the client’s IT staff when they’re detected. Some enterprises already have these systems, so they wouldn’t have to be factored into the cost of an AV project.
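The rogue-AP check described above, as an added example that is not from the article or any vendor's product: it correlates what wireless sensors hear with the switch's MAC table, assuming an AP's wired MAC sits within a couple of addresses of its BSSID (a common but not universal heuristic). All MACs, SSIDs, ports and the AV VLAN number are constructed.

```python
# Constructed sample data: none of these values come from the article.
AUTHORISED_BSSIDS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}
AV_VLANS = {30}  # hypothetical VLAN carrying signage and camera traffic

# What the wireless sensors heard: (BSSID, SSID)
AIR_SCAN = [
    ("00:11:22:aa:00:01", "corp"),
    ("00:11:22:aa:00:02", "corp"),
    ("de:ad:be:ef:10:05", "linksys"),     # unknown AP, wired side is on our switch
    ("66:77:88:99:00:10", "cafe-guest"),  # neighbour's AP, not on our wire
]

# Switch MAC-address table: MAC -> (port, VLAN)
WIRED_MACS = {
    "00:11:22:aa:00:01": ("Gi1/0/1", 10),
    "00:11:22:aa:00:02": ("Gi1/0/2", 10),
    "de:ad:be:ef:10:04": ("Gi1/0/17", 30),
    "00:50:56:12:34:56": ("Gi1/0/20", 30),
}

def mac_to_int(mac):
    return int(mac.replace(":", ""), 16)

def find_wired_port(bssid, wired, max_offset=2):
    """Return (mac, port, vlan) of a wired MAC numerically close to the BSSID."""
    target = mac_to_int(bssid)
    for mac, (port, vlan) in wired.items():
        if abs(mac_to_int(mac) - target) <= max_offset:
            return mac, port, vlan
    return None

def classify(air_scan, authorised, wired, av_vlans):
    """Yield an alert tuple for every BSSID that is not in the inventory."""
    alerts = []
    for bssid, ssid in air_scan:
        if bssid in authorised:
            continue
        hit = find_wired_port(bssid, wired)
        if hit is None:
            # Heard over the air only: probably a neighbour, log at low priority.
            alerts.append((bssid, ssid, "neighbour", None))
        else:
            _, port, vlan = hit
            severity = "rogue-on-av-vlan" if vlan in av_vlans else "rogue-on-lan"
            alerts.append((bssid, ssid, severity, port))
    return alerts

if __name__ == "__main__":
    for alert in classify(AIR_SCAN, AUTHORISED_BSSIDS, WIRED_MACS, AV_VLANS):
        print(alert)
```

The switch port in the alert is what lets IT staff shut the back door quickly, by disabling that port rather than hunting for the device.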

Security by complexity

Copper cables, such as Cat-5, are another risk partly because they can act as antennas that radiate their traffic to nearby eavesdroppers. Even coax’s shielding doesn’t completely trap all of the electromagnetic signals passing through the cable. Copper cables also can be physically tapped to capture the traffic they carry.
One obvious way to minimise those risks is to restrict access to the cables, such as by running them through conduit, which further attenuates the signals and requires additional effort – and noise – for someone to literally hack through them to tap the cable inside. 
In installations where copper cables have to run near electric lines, conduit also can provide additional shielding between the two. The concern isn’t so much that the current will create electrical interference with the AV traffic, but rather that the electric lines could pick up the AV traffic and reradiate it, facilitating a little-known type of eavesdropping.
Although fibre doesn’t radiate signals, it can be tapped, which is why some highly sensitive users will run it through conduit. A fibre-optic power meter also can be used to identify reflections in places where there aren’t supposed to be any, indicating a possible tap. 
Fibre modems also have lights and other indicators that show when a link has been disrupted. Some also can send alerts to the client’s network monitoring system. 
Fibre also has some inherent features that make taps difficult. For example, the tapping process takes longer than with coax, increasing the chances that a person or monitoring system will notice the signal disruption. The hacker also would have to know whether the fibre is single- or multi-mode, as well as the vendor equipment.
“Fibre modules between manufacturers are incompatible with each other, so I’d better know exactly what fibre module [is in place],” says Neil Heller, global product and marketing manager for fibre and transmission at GE Security. “The degree of complexity makes it almost ridiculous to even try.” 
For both fibre and copper, encryption provides an additional layer of protection.
“We use Transport Level Security (TLS) to encrypt signalling information, [which are the] messages among video elements,” says Stefan Karapetkov, Polycom's emerging technologies director. “Once the media streams are set up, we encrypt all packets with AES encryption using 128-bit encryption keys. 
“Since AES 128 is supported across the entire Polycom portfolio and by third parties, most video calls today are transmitted encrypted. In addition, hash mechanisms such as MD5 are used to make sure no one has modified the packets during their transmission through the network.”
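A per-packet integrity check of the kind described above, as an added example that does not describe Polycom's implementation: it contrasts a bare MD5 digest with a keyed tag (HMAC-SHA256, chosen here) that also covers a sequence number, so that substituted or replayed packets, such as pre-recorded video, are rejected. The packet layout, key and function names are assumptions made for the illustration.

```python
import hashlib
import hmac

MD5_LEN, MAC_LEN, SEQ_LEN = 16, 32, 4

def send_with_digest(payload):
    """Unkeyed scheme: packet = payload || MD5(payload)."""
    return payload + hashlib.md5(payload).digest()

def verify_digest(packet):
    payload, tag = packet[:-MD5_LEN], packet[-MD5_LEN:]
    return hmac.compare_digest(hashlib.md5(payload).digest(), tag)

def send_with_mac(key, seq, payload):
    """Keyed scheme: packet = seq || payload || HMAC(key, seq || payload)."""
    header = seq.to_bytes(SEQ_LEN, "big")
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

def verify_mac(key, packet, last_seq):
    """Return (seq, payload) if the packet is authentic and fresh, else None."""
    header, payload, tag = packet[:SEQ_LEN], packet[SEQ_LEN:-MAC_LEN], packet[-MAC_LEN:]
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None  # modified in transit, or built without the session key
    seq = int.from_bytes(header, "big")
    if seq <= last_seq:
        return None  # old packet played back
    return seq, payload

def demo():
    key = bytes(range(32))  # constructed session key, normally negotiated over TLS
    genuine = send_with_mac(key, 7, b"frame-0007")
    swapped = genuine[:SEQ_LEN] + b"frame-XXXX" + genuine[-MAC_LEN:]
    return {
        # Anyone on the path can recompute a bare digest over new content.
        "bare_digest_accepts_substitute": verify_digest(send_with_digest(b"substitute")),
        "mac_accepts_genuine": verify_mac(key, genuine, last_seq=6),
        "mac_accepts_swapped": verify_mac(key, swapped, last_seq=6),
        "mac_accepts_replay": verify_mac(key, genuine, last_seq=7),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```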

Good enough for government work

Government agencies often have additional security requirements. For integrators looking to target that market, success sometimes means understanding the requirements of governments in countries other than where they’re doing the work. 
One example is the U.S. Defense Department’s DoD 8100.2, which covers wireless security. It’s based on authentication and encryption techniques from the commercial sector, a sign of how far those have come in terms of providing iron-clad security.
“It’s interesting to see that the defence department has adopted industry standards as opposed to proprietary encryption techniques,” says Motorola’s Sinha.
Another is the U.S. National Security Agency’s TEMPEST guidelines, which plug security holes that occur when signals – such as from a copper cable – radiate far enough to facilitate eavesdropping.
“TEMPEST is required for some installations, especially for military and intelligence facilities in foreign countries,” says Gary Hall, CTS-D, CTS-I, who works for a U.S. intelligence agency.
Suppose that a project calls for a videoconferencing system that sometimes will be used for meetings with government agencies in other countries. 
“NATO countries and other U.S. partners have complex information-sharing regulations that must be taken into account when processing data that will be transferred between nations,” Hall says. 
A basic understanding of government requirements also can be useful when designing AV systems for general enterprises that have high security concerns, such as financial institutions. Even if those clients aren’t aware of guidelines and standards such as DoD 8100.2, the benefits are another way that an AV integrator can differentiate itself, including against IT integrators. 
“Integrators that really want to add value for their clients can go further by becoming experts on security regulations and assisting their customers in planning for operations,” Hall says. “This includes the creation of operational security checklists, and gathering volatility statements from manufacturers that customers can use during the systems security accreditation process.”

Physical and virtual

Cultural norms are another factor that affects AV security. For example, some clients have requested command-and-control displays that can’t be photographed so that shots of an unmarried man and woman passing each other on the street can’t be used for blackmail.
The techniques and products used for meeting cultural norms can be useful when designing AV systems in markets that don’t require them but still can benefit from the additional security and privacy that they enable. For example, in a command-and-control room, consider what’s going to be shown on each display when deciding its size.
“The whole idea of a large-screen display is to share data, not to make it personal,” says David Griffiths, Christie’s EMEA market development manager for control rooms. “If you want to show sensitive data, you can put it on a monitor.
“We look at the whole operation area. Data can be secured the moment unsecured personnel [are] walking into the room. That is what we call ‘sanitising’ the display wall: by pushing a button, change the content on the screen.”
Physical access to AV equipment can be a major security factor. For example, running cable through a drop ceiling in a storage room makes it easy for a hacker to get access.
“Physical security is important since some endpoints are associated with a conference room, and access to the room gives you access to the endpoint and therefore to the video network,” says Polycom’s Karapetkov. “Endpoints have local password protection. Endpoints must be authenticated and registered to the gatekeeper in order to participate in bridged calls. Many IT managers limit endpoints to certain networks or virtual LANs (VLANs) to contain video traffic within parts of the network.”
Sometimes it’s difficult to limit public access to an AV device. In those cases, one security measure is to make them configurable only remotely.
“Most hardware elements – hard endpoints, conferencing servers, etc. – have serial ports for local configuration,” Karapetkov says. “For increased security, these ports can be disabled. Administrators and sometimes users can access some of the video elements over a Web browser.”
But remote access also enables scenarios such as the Moscow signage hack. To reduce that risk, AV vendors often create an administrative option to disable remote access from a Web browser. Access also can be restricted to only those people who are already authenticated by the client’s LAN or WLAN. 
“Users authenticated once in the corporate network do not need additional authentication when they use video applications because the video servers already know them and handle access accordingly,” Karapetkov says. “This limits the number of passwords required to access the network and reduces the probability that passwords will be written down, lost or otherwise compromised.”
