Digital Signage Security in the age of Internet Connected devices
Here is my recent guest post on the popular industry blog Sixteen:Nine. Thank you Dave Haynes for the invite. For more information on how ScreenScape approaches device security please email us at sales at screenscape dot net.
If you operate a digital signage network, chances are you’ve been hearing about new Internet-connected devices. They are transforming the way digital signage networks are built and managed. New Android-powered solutions are being lauded by software vendors and pundits as simpler and cheaper alternatives to the PC as a digital signage player. This post weighs in on some of the pros and cons of this new class of devices. In particular it focuses on a key requirement for most professional digital signage operators, and a primary concern of all network administrators: device security. Is the new class of Android device safe to use in a corporate environment?
It starts with security
Device security has become an important topic among IT administrators in the wake of a series of high profile cyber attacks that resulted in damaging security breaches. Companies scrambling to seal up their systems from hackers are having to look in the unlikeliest of places for vulnerabilities. In the recent Target payment card breach, hackers gained access to the retailer’s records through its heating and cooling system. In other cases, hackers have used vending machines, printers, thermostats and videoconferencing equipment. How long before hackers start looking at digital signage media players? If it were to happen, and a high profile security breach was traced back to poor security practices by a digital signage technology vendor, the entire industry could be in for a setback.
Device security questions aside, the rationale for using Android-powered Internet-connected devices as digital signage media players has many strong points. Arguments that they are simpler, cheaper, and more functional as a single purpose appliance are compelling. ScreenScape, for the record, is a big believer. The new class of Internet-connected devices have the potential to help network operators achieve greater cost-efficiency and greater scale. By helping to deploy more screens and reach more people with engaging content, they can help to accelerate the return-on-investment in digital signage projects.
So the new devices are potentially very good, but poor device security is most certainly very bad. The key question is: Can we deploy them in a manner that is safe and secure? In fact this was the critical question the engineers at ScreenScape asked themselves when they began designing an Android-based solution in collaboration with Dell called ScreenScape Connect.
Based on our findings the problems associated with poor device security don’t lie with the Android operating system itself. When it is used as designed, Android has a security model that has been well thought through. Millions of devices, many of which are relied on for mission critical applications, run the Android operating system and they do so safely and securely.
The hazards of rooting
When it comes to device security, too often the problem is actually in the way these devices are being used by software vendors to deploy their applications. Based on the feedback we are getting from customers, systems integrators, and industry onlookers it seems that many digital signage software vendors are choosing to ignore security best practices for developing their applications. For example, it’s not an uncommon practice for a software vendor, in the digital signage space, to deploy their technology on devices which have been rooted.
Rooting is the process of allowing applications to attain privileged control (known as “root access“) within the operating sub-system. What does the Android Open Source project have to say on the subject?
Users that change the permissions on an Android device to grant root access to applications increase the security exposure to malicious applications and potential application flaws.
It couldn’t be much clearer. There is no good reason, that we can think of, to deploy a digital signage application on a rooted device and, if security is even remotely a concern, it is certainly not advisable. Operating systems like Android provide for secure methods for building and deploying applications. An unseasoned vendor may choose to use a rooted device as a short-cut method of porting their application to a particular device. While rooting a device may help to quickly get an application running on a new, low-cost device, the increased exposure to malicious attacks should discourage such corner cutting.
This is not to say that using a proper non-rooted device is the only measure you need to take to be fully secure, but it’s a fundamentally important one. Rooting allows an application to bypass the Android security model resulting in a less than secure device that is much more susceptible to malware and cyber attack. For example, if your device is rooted then its wide open for somebody to install an app, and do all sorts of things to it. With a rooted device a lot of bad stuff can happen.
The recent spate of high profile cyber attacks should be more than enough to deter any security conscious IT manager from using a technology solution that doesn’t respect the Android security model. If you happen to be engaged in digital signage, whatever software partner you might be working with, whichever devices might power your digital signs, here’s a simple question you should ask your technology provider to help avoid your own damaging security breach: Are you using a rooted device?
The story behind ScreenScape Connect
ScreenScape began working on the software that would eventually power ScreenScape Connect back in the summer of 2012. One of the key hurdles we knew we had to climb was finding a true engineering partnership with a brand name hardware provider. Device security was top of mind from the outset. We knew in order to develop a smart and secure device for digital signage, we needed a solution that was a happy marriage of software and hardware. We began scouring the globe and evaluated many of the new Android-powered devices that were first to arrive on the market.
Wherever we looked, we found the same problems. Many of the vendors were pushing consumer-grade devices that were designed for home entertainment purposes; they were intended as Youtube and Netflix players for the living room. Most of the vendors didn’t really have engineering teams. They were interested in retailing cheap devices in massive quantities, not in working with industry partners to develop security-conscious technology solutions to solve a specific business problem. It was unsettling to learn that many providers of the new generation of Android-powered devices were either ready to “look the other way”, or actually sanctioning the practice of rooting. This practice said everything we needed to know about their approach to serving the professional digital signage industry. Device security wasn’t their concern. As tempting as it was to cut corners and be first to market with a low-cost Android-powered device we weren’t about to get started down the path with a partner that was ok with us deploying our solution on a rooted device.
Our search continued for over a year until we found Dell Wyse and their device, the Android-powered Cloud Connect (which was code-named Project Ophelia at the time). That’s when it started to come together. Of course Dell is a name-brand hardware manufacturer with a global support network. Dell has made a name for itself selling to the enterprise. We also knew that Wyse had made a name for itself building quality routers and didn’t cut corners when it came to device security. We discovered that the folks at Dell Wyse had a strong engineering team that was as interested in working with ScreenScape, a leading application software developer, as we were in working with a reputable provider of Android-based devices.
We began to collaborate in earnest on what would eventually become ScreenScape Connect. The goal was to deliver a new kind of smart device, purpose-built to perform as a simple yet secure digital signage appliance. Of course, just taking Cloud Connect off the shelf and rooting it would have defeated the goal of the project. Instead, we worked with the engineers of Wyse to develop secure APIs that would allow ScreenScape software to integrate seamlessly with the device’s firmware. We co-engineered a solution that would allow ScreenScape users to remotely control and manage the device, while encrypting the transmission of data between the device and our servers.
As a result, the device software is properly signed by the manufacturer and virtually tamper proof. What’s more is that by going through this process we were able to get “closer to the metal” and develop a more performant, more reliable solution.
We like to think that others in the space can learn from our experience. Place-based media is certainly a new and exciting industry. New entrants are joining the industry at a quickening pace. Naturally, we’d like to encourage all vendors, new and old, NOT to cut corners. There ARE reputable hardware providers out there that are willing to work with you on implementing your software on their device in a secure manner. We application developers should hold ourselves to a high standard when it comes to device security. In order for the industry to avoid a setback and continue to gain in credibility as a professional marketing channel, and one day achieve web scale, it’s important that we set the bar high when it comes to the rigours of software quality in general. While it wasn’t easy for us to find the engineers at Dell Wyse and it took time to work with them to develop a secure, purpose-built device, it’s something any professional software vendor can achieve if they are willing to accept the challenge of doing it right.
For what it’s worth, our advice is this:
- Use commercial grade devices from reputable hardware vendors.
- Work with professional vendors that know and support B2B channels and stand behind products that are intended to be used in a commercial setting.
- Gain privileged access to functionality within the Android software stack correctly, through secure APIs. Digitally sign your apps in a secure fashion.
- Don’t use rooted devices.
Let’s all strive to build reliable software that’s been implemented securely. After all, if an application vendor is trying to cut corners when it comes to device security, where else are they taking shortcuts?