The Basics of Digital Signage Security

May 30, 2017

It’s a common science fiction trope. Some evil mastermind alerts the world to his apocalyptic plans by hacking every digital screen in the word and broadcasting his face across the globe.

It hasn’t happened in real life. Yet. But given all the remarkable tools hackers have developed over the past few years, is it really so far fetched?

Evil Mastermind Takes Control of Digital Signage Worldwide

Well...actually, yes. Ridiculous. Absolutely impossible.

However, digital signage hacking on a smaller scale is all too real, as evidenced by the 3 minutes of porn broadcast in Washington D.C.'s Union Station during rush hour last week. This is a nightmare scenario for any image-sensitive operator. Local impact aside, the incident hit every major news outlet and was blasted across social media that same day.

So what tools did this brilliant, nefarious hacker use to execute such a masterwork of chaos?

Windows 10.

That’s right. Whoever installed the media player didn't bother to lock it. There wasn’t a password to hack.

Digital signage security doesn't have to be complicated. Those who develop the software platforms and design the networks they run on have some higher-level considerations, but most fail points occur at the user level. Here are a few tips to keep your company from making the headlines.

Treat your signage like a PC

  • Make sure your operating system and security software are consistently updated. Malicious hackers can reverse engineer updates to find weak points that can be exploited on the machines that haven't implemented them yet. The update actually reveals vulnerabilities to the world, so it's imperative to install them immediately because the cat is out of the bag.
  • Setup automatic updates if available. You can schedule these for when your business is closed, so there is virtually no consumer impact.
  • If your player is not set up for auto updates, be on the lookout for notification prompts and act on them immediately. The reminders look unprofessional anyway, so you have twice the motivation to clear them from your screen.

Limit accessibility

  • The less visible your hardware is the better. And even if your hardware is housed internally, it is preferable to use a VPN to access the player from the outside.
  • Ensure your player is in a physically secure location. Place it in an area the general public can't easily access.

Lock it down

  • Make sure your passwords are strong and secure. You still hear stories of hardware being hacked because the system's password was password. Do better.
  • If you access your content through a web browser, don’t save your cache credentials. Otherwise, one person with access to your PC can wreak havoc on your consumer-facing digital signs.

 Keep it private

  • Finally, limit who you give content access to. Shenanigans are real. Angry employees (or ex-employees) can do serious damage with credentials they come by legitimately.

Combating world-class hackers is ultimately down to software developers and network engineers. But clearly, there are simple steps an average operator must take to minimize exposure to everyday intrusions. Follow these tips to avoid the easily avoidable catastrophes people just love to post about on Facebook.

Tim Flavin
Chief Marketing Officer
Email |
LinkedIn |

Further insights on the topic

ARE IconRSPA IconDigital Signage Federation Icon