Signs hacked

May 2, 2006 by Dave Haynes

The Globe and Mail, a national newspaper in Canada, reported this morning how someone with a little technical savvy managed to put a cheeky message on some of the scrolling LED boards stuck above the stairwells of Go Train commuter rail cars on the Toronto-Hamilton run.

The story notes how easy it was to do so, particularly since the little screens were not even password protected (wow!) and the gizmo needed to load the content wirelessly is widely available and cheap.

The piece also notes how easy it is for hackers and kids just monkeying around to scan for IP addresses and break their way into such devices. It's a very bad day for a network operator when someone comes across a digital signage network's IP address, works their way in, and starts posting nasty messages or images.

Using IP addresses to push content to digital sign players is a little dodgy, as these players are effectively hanging a shingle out on the Internet and saying, "Here I am!"

Media network operators are at far less risk if the players in the field only call out to some central location to get their instructions and files. They can sit behind a local firewall, like a simple router, and no one on the Internet can contact that player. 

It's boring, propeller-head stuff that might well escape the scrutiny of a network operator interested in the marketing and financial side of the business, but getting this wrong could utterly kill a business if someone breaks in and starts wreaking digital signage havoc.     

  1. Bryan Crotaz says:

    Well true, but this is the classic question of push or pull. Digital View only supports a pull model, whereas many other products, including Inspired Signage, support push or pull depending on the environment.

    Push is a perfect model when you have a complex network with multiple users sending content to players. It also allows you to take advantage of multicast to reduce network traffic.

    these players are effectively hanging a shingle out on the Internet and saying, “Here I am!”

    Only true if ping replies are enabled, and software firewalling costs nothing. IPSec filtering stops any hacker in their tracks. Then you get into digital signing of content or encryption. Not complex, expensive or risky, and gives you all the advantages of a push system without the risk of hacking.

    Bryan Crotaz
    R&D Director
    Inspiration Matters

Leave a comment