How Risky Is Updating Digital Signs With Apps, Anyway?
Is updating your digital signage with a mobile device really such a good idea? That's the question raised by the announcement on October 2 that Swedish retail giant ICA will begin using mobile apps next month for making changes to its in-store signs.
The advantage seems pretty obvious: Using an app on a phone or tablet means a store manager or associate can see what changes look like as they're made, avoiding embarrassing differences between what appears on a PC's screen and the display. The equally obvious downside: You're trusting your public face to the security of a smartphone.
It's not clear how many of the chain's 2,230 stores will immediately adopt the app, SpotApp from display vendor ZetaDisplay. But let's suppose a wide swath of the stores begin using it. That makes a lot of targets for pranksters and vandals whose idea of a good time is putting their own message up for your customers to see.
The problem is the undercooked state of mobile security, suggests StorefrontBacktalk columnist Walter Conway. "The inherent insecurity of mobile platforms (Android) and lack of transparency (iOS) make me question whether mobile access to the signage is really any safer than a well-protected Web application," Conway said. "Many of the risks are the same: lose the device, and you're toast; weak passwords; weak authentication (try MAC address filtering on a smartphone); not managing privileges; poorly configured IDS/IPS; etc."
He added, "It all comes down to security. Whether they use an iPhone, Android, laptop or physical keyboard controlled with a padlock and protected by a mean dog, there is no 100 percent security. I would still feel better with a networked device my security and IT staff could lock down, and access the pros can monitor and control."
Fair enough, but we're not talking about payment-card data or corporate secrets here. And the mobile option is still seductive, and very convenient. So is the ability to access displays via Wi-Fi—which, in many cases, may already have blown away the ability to secure displays against a dedicated attacker at many chains.
But if this app is successful, it's likely that other digital sign vendors will offer apps for their own products. How big a problem is that likely to be for security? It depends on how loudly store managers scream for convenience, and how hard vendors (and central IT) have already worked to lock down the devices.
Suppose that digital display is accessed via Wi-Fi and just protected by an IP address and a password. Is it the vendor's default IP address and password? Then there's no security at all, because anyone with access to Google can track down the information to hijack it. If it's not the vendor's default but is a standard password for the chain, that's only slightly safer—those secrets have a way of leaking out, too.
A unique password and IP address that are kept secret from store employees? That's getting closer.A unique password and IP address, assigned by central IT and with the password never available in plaintext to any store employee? That's getting closer, and it is probably enough to discourage any casual digital vandals. There are too many combinations to make that any fun.
But a dedicated hacker blessed with way too much time and obsessiveness? Now we're talking about sniffing Wi-Fi traffic, which is easily within the capabilities of even minor miscreants. Older signs that require outdated Wi-Fi encryption are easily cracked. That means just to keep a Wi-Fi-accessible sign secure, you'll need up-to-date Wi-Fi encryption and unique, secret-from-associates passwords—and that's true with a mobile app or a PC, no matter how locked down the PC is.
A display that's wired into the network with no Wi-Fi access is far safer, because associates would be likely to notice someone physically working on the display (at least you hope they will). But there's a reason wireless displays are popular: convenience.
One workaround: Use wireless displays, but never update them when the store is open and accessible to hackers who can sniff the wireless network. If the store and parking lot are empty, it should be safe to connect with the displays after hours—presuming they're all on a different Wi-Fi channel than any other Wi-Fi you regularly use in the store. Yeah, that'll go over big with store managers.
And that also pretty well demolishes the ease and convenience that updating the signs with a mobile app was supposed to offer anyway.
Just as it comes down to security on one side, it comes down to convenience on the other. No wires? You're at greater risk. Anytime updates? Still more risk. Mobile apps? Probably even more risk.
It's a tradeoff that may come down to a practical decision: Isolate the displays on the network and make them more convenient to update (by managers or miscreants), or lock them down and make them safer but harder to use. Realistically, most chains will add just enough security to make the displays safer—but not so safe that they're really hard to use.
That will probably irritate IT security, but it's worth remembering that any customer with a marker can leave graffiti in a store, no matter how good network security is. Besides, it could be worse: Considering how much access some chains have handed directly to trouble-making customers—remember those naughty videos at Best Buy?—even just a password starts sounding relatively secure.