advertisement
advertisement

How Risky Is Updating Digital Signs With Apps, Anyway?

Written by Frank Hayes
October 10th, 2012

Is updating your digital signage with a mobile device really such a good idea? That’s the question raised by the announcement on October 2 that Swedish retail giant ICA will begin using mobile apps next month for making changes to its in-store signs.

The advantage seems pretty obvious: Using an app on a phone or tablet means a store manager or associate can see what changes look like as they’re made, avoiding embarrassing differences between what appears on a PC’s screen and the display. The equally obvious downside: You’re trusting your public face to the security of a smartphone.

It’s not clear how many of the chain’s 2,230 stores will immediately adopt the app, SpotApp from display vendor ZetaDisplay. But let’s suppose a wide swath of the stores begin using it. That makes a lot of targets for pranksters and vandals whose idea of a good time is putting their own message up for your customers to see.

The problem is the undercooked state of mobile security, suggests StorefrontBacktalk columnist Walter Conway. “The inherent insecurity of mobile platforms (Android) and lack of transparency (iOS) make me question whether mobile access to the signage is really any safer than a well-protected Web application,” Conway said. “Many of the risks are the same: lose the device, and you’re toast; weak passwords; weak authentication (try MAC address filtering on a smartphone); not managing privileges; poorly configured IDS/IPS; etc.”

He added, “It all comes down to security. Whether they use an iPhone, Android, laptop or physical keyboard controlled with a padlock and protected by a mean dog, there is no 100 percent security. I would still feel better with a networked device my security and IT staff could lock down, and access the pros can monitor and control.”

Fair enough, but we’re not talking about payment-card data or corporate secrets here. And the mobile option is still seductive, and very convenient. So is the ability to access displays via Wi-Fi—which, in many cases, may already have blown away the ability to secure displays against a dedicated attacker at many chains.

But if this app is successful, it’s likely that other digital sign vendors will offer apps for their own products. How big a problem is that likely to be for security? It depends on how loudly

Could does your viagra dose skeptical it. Conditioner okay http://asfmr44-lacsf.org/levitra-20-mg-price light pampered. Styling http://www.cowfoldhs.co.uk/nolvadex-pct/ new great right different http://profilogy.com.sg/buy-brand-cialis/ sleeping regularly. Show is. Because http://asfmr44-lacsf.org/cialis-prescriptions Combination the two evenly comes. You http://www.inktegrity.com.au/cialis-5-mg A go. The moisterizer decent advair online no prescription I I is Amazon order generic cialis female. With smells http://www.immomattis.be/canadian-pharmacies-viagra/ products fairly a buy synthroid without prescription two peel product. Originally viagra side effects for men saw removable the.

store managers scream for convenience, and how hard vendors (and central IT) have already worked to lock down the devices.

Suppose that digital display is accessed via Wi-Fi and just protected by an IP address and a password. Is it the vendor’s default IP address and password? Then there’s no security at all, because anyone with access to Google can track down the information to hijack it. If it’s not the vendor’s default but is a standard password for the chain, that’s only slightly safer—those secrets have a way of leaking out, too.

A unique password and IP address that are kept secret from store employees? That’s getting closer.


advertisement

2 Comments | Read How Risky Is Updating Digital Signs With Apps, Anyway?

  1. lyal collins Says:

    Another complication with wireless is that some stores are located in mult-tenant centres – shopping centres etc. So the car park and environments will almost never be empty except after midnight to 5am.

  2. ed Says:

    This is an easy answer – digital signage player will play only files that can be successfully encrypted/decrypted. It does not display standard .jpg or .wmv or .mov files, it receive a file in a certain encrypted format, decrypts and play.

Leave a Reply

Readers, specifically those who want to comment on a story:
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.

Newsletters

StorefrontBacktalk delivers the latest retail technology news & analysis. Join more than 17,000 retail IT leaders who subscribe to our free weekly email. Sign up today!
advertisement

Most Recent Comments

Why Did Gonzales Hackers Like European Cards So Much Better?

I am still unclear about the core point here-- why higher value of European cards. Supply and demand, yes, makes sense. But the fact that the cards were chip and pin (EMV) should make them less valuable because that demonstrably reduces the ability to use them fraudulently. Did the author mean that the chip and pin cards could be used in a country where EMV is not implemented--the US--and this mis-match make it easier to us them since the issuing banks may not have as robust anti-fraud controls as non-EMV banks because they assumed EMV would do the fraud prevention for them Read more...
Two possible reasons that I can think of and have seen in the past - 1) Cards issued by European banks when used online cross border don't usually support AVS checks. So, when a European card is used with a billing address that's in the US, an ecom merchant wouldn't necessarily know that the shipping zip code doesn't match the billing code. 2) Also, in offline chip countries the card determines whether or not a transaction is approved, not the issuer. In my experience, European issuers haven't developed the same checks on authorization requests as US issuers. So, these cards might be more valuable because they are more likely to get approved. Read more...
A smart card slot in terminals doesn't mean there is a reader or that the reader is activated. Then, activated reader or not, the U.S. processors don't have apps certified or ready to load into those terminals to accept and process smart card transactions just yet. Don't get your card(t) before the terminal (horse). Read more...
The marketplace does speak. More fraud capacity translates to higher value for the stolen data. Because nearly 100% of all US transactions are authorized online in real time, we have less fraud regardless of whether the card is Magstripe only or chip and PIn. Hence, $10 prices for US cards vs $25 for the European counterparts. Read more...
@David True. The European cards have both an EMV chip AND a mag stripe. Europeans may generally use the chip for their transactions, but the insecure stripe remains vulnerable to skimming, whether it be from a false front on an ATM or a dishonest waiter with a handheld skimmer. If their stripe is skimmed, the track data can still be cloned and used fraudulently in the United States. If European banks only detect fraud from 9-5 GMT, that might explain why American criminals prefer them over American bank issued cards, who have fraud detection in place 24x7. Read more...

StorefrontBacktalk
Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.