2020 Security Foresight
March 17, 2020
Featured article by Bob Wudeck, Senior Director, Business Development for BenQ
There are a lot of discussions and even more headlines about the lack of network security. Tales range from high-profile network breaches to private data from a number of organizations being accessed by unauthorized parties. IT has long protected the network and the data on it, but now, these security breaches can come from unexpected places, including devices such as wireless presentation systems.
Wireless presentation systems (WPS) are on the rise, giving integrators fresh opportunities across verticals and within an entirely new product category. They offer an affordable alternative to installing expensive matrix switches and pulling HDMI cables. With a WPS, multiple presenters share the screen during a meeting through a simple transmitter device connected to their notebook or through software, at a much lower cost than traditional HDMI cables. The big caveat is that they can pose network concerns. If the WPS isn’t secure, it opens the door to possible network attacks, and what was a device designed to save customers money becomes an expensive battle that goes beyond technology.
In the last year, cybersecurity and privacy company F-Secure and the well-respected technology blog Tenable found several network vulnerabilities in wireless presentation systems available from recognized brands. These vulnerabilities posed two specific threats: one, that systems connected to the network can be used to break into an organization’s network, and two, that any content being shared over the system can be recorded and stolen.
As an AV designer, programmer, or installer, it is important to understand not only how these presentation solutions work and the differences between them but also how each model mitigates these risks. Avoiding these risks and having a security-first mentality is especially important for shepherding customers through a new era of technological innovation and cybersecurity as well as for assuring repeat business down the road.
With the prevalence of security risks, it’s important to select models that follow industry best practices. When evaluating these systems, make sure the model follows these primary practices:
1. Minimize the organization’s attack profile
For any organization, their network and the content on their network are among their greatest assets. Minimizing the attack profile basically means minimizing network exposure and safeguarding these assets. Look for a model that can operate independently of the network and without proprietary software or apps. Both of these will reduce the risk of a hacker gaining access to the organization’s network via a wireless HDMI receiver or through cloned software apps. A system that doesn’t require network access also reduces the time and resources to set up network protections for users and visitors who need to log into the network to use the system. Without network access, visitors aren’t able to access the organization’s VLAN. Although VLANs are able to segment traffic, they aren’t always effective protection against hackers. Nowadays tools make it possible for hackers to crawl and hop from one VLAN to another and gain access to sensitive content. If the system requires software or an app, security becomes even more questionable. For example, if the WPS or company is sold to another company, that company could rewrite the software and open up the potential to suck out data. That’s an extreme scenario but it illustrates how granting network access can become problematic later.
2. Limit access to content
The saying “Content is king,” should be, “Encrypted content is king.” Imagine that an organization with a disgruntled employee or someone working from a flexible workspace is streaming content wirelessly over a network. Maybe they’re not viewing the next iPhone concept, but it could be a video stream of salary reviews, for example. Although that content is intended for only the eyes in that room, without 100-percent 128-bit AES encryption at the receiver, anyone can access it. Some systems, for example, enable a remote view of the collaboration session by entering the receiver’s IP address into a web browser, while others do not encrypt or field access to content sent over the network at all. Some inexpensive wireless HDMI casting systems even send content over the web and back to the receiver. These require up to 20 or 30 ports to be open at a time and make even the least security-conscious managers concerned. Preventing unauthorized people from getting on the network and gaining access demands a 100-percent encrypted system. Encryption guarantees that another person can’t see that stream and find out information that could be used inappropriately.
3. Minimize data interaction
The USB port is a powerful and convenient Swiss Army knife of a port. It can connect almost anything to a computer. From the user perspective, USB ports make life simple. However, from a security perspective, they can be quite a nightmare because they can exchange data and introduce any number of loopholes for hackers. Many wireless presentation systems use USB ports, but integrators should be sensitive to how USB is being utilized. Choose a system that offers a TCP/IP option for the USB to be turned off so that it only provides power. For high-security environments, such as military, police, or other sensitive defense contractors that typically blacklist all devices requiring access to USB ports, ensure that the system also is capable of being powered independently of USB.
Minimizing data interaction also means eliminating devices that require proprietary software and apps. Many popular wireless presentation systems depend on a proprietary app that is loaded onto the computer that captures all the information, manipulates it, then sends it to the receiver. Savvy security managers know that any software where they don’t have the actual code can represent a risk to secure information. Software apps can be cloned, or injected with malware in hostile environments, and many apps can share to more than one screen on the network – either deliberately or accidentally – creating a potential security risk when presenting. Choose an option that doesn’t use an app or where no extra data is required to be loaded onto a presenter’s notebook before they can use the system.
While the network and content are the greatest direct threats, there’s a third seemingly innocuous security risk: manufacturer support. Today, in a lot of manufacturing industries — not just technology — products are often purchased and white labeled by other companies. It’s a common occurrence, but a shampoo or bathroom vanity sold under another name doesn’t pose the same risk or customer service woes as an AV device. When problems arise, integrators need support and expertise, which they may only find for a limited timeframe or with a hefty subscription fee. A company that has invested in 50 wireless presentation systems for its conference rooms could be stuck with a solution that isn’t quite what was sold to it. Integrators must do their homework to find a manufacturer that has invested in the engineering of its wireless presentation system from the ground up to prevent security risks and that has a proven track record of support.
The wireless presentation system market is exploding with incredible opportunity. Futuresource reports that it is growing at 10 times the rate of other AV devices, with 40 percent growth year over year. While security threats will never go away, AV designers and integrators have to be smart about choosing solutions that can manage these risks. Customers will expect that their integration team will have their best network welfare at heart. By ensuring that all the boxes have been checked — that the wireless presentation system encrypts every frame, minimizes network exposure, and operates independent of software and apps — they’re helping customers make sound security decisions that can last a lifetime.
Bob Wudeck serves as Senior Director, Business Development for BenQ, a global leader in visual display solutions. He can be reached at Bob.Wudeck@BenQ.com.