In our fast-paced, hybrid working world, AV technology has become essential to seamless communication and business process. But have you ever questioned how secure your AV equipment really is?
In 2024, there were news headlines across the world openly discussing highly classified intelligence on how certain western countries were supplying and delivering precision munitions to Ukraine. This was a major breach of operational security (OpSec), but how did the Russian Intelligence service manage to pull off this coup? Was it a honey trap? Had the GRU been able to gain a mole? Was a Russian James Bond type in play?
No, far from it… In this case it was down to a German Officer in Singapore using an unencrypted hotel line to dial into a conference. So simple in this case, but it draws attention to the importance of AV in the modern world.
Not only that, the ubiquity of AV tools can lead to them being overlooked in cybersecurity plans, tests, monitoring, and reviews. Given the levels of information they handle and are exposed to, this can be a critical oversight.
From design and build through to operation, there are many ways and areas in which communications can be compromised.
Whilst nation-state attackers might not be looking at you directly, if you design your security models to keep them at bay, you gain the added bonus of keeping out all the lesser threats - if things like ransomware gangs can be considered a lesser threat!
Consider an online meeting. As AV technology facilitates the conversation, it is also processes sensitive content through microphones, cameras, and screen-sharing tools — content most would assume is safe. However, this data is often transmitted unencrypted, leaving it vulnerable to interception from prying hackers.
Many AV devices also bridge multiple networks, providing various points of entry for potential attackers. These audio streams — often easily discoverable on the network — can be exploited by hackers who intercept the unencrypted streams before downloading and decrypting the information for later use.
In addition, many reoccurring meetings have the same credentials and log-in details, a vulnerability that allowed journalists to join governmental meetings during the pandemic, an attack known as Zoom Bombing.
Communication rooms, which serve as the central hubs for AV technology, are also particularly vulnerable. Housing numerous devices that connect meeting rooms to the network, communication rooms are like the brain of AV technology. They make all the rooms connected to them work, and as a result, are a very attractive target for cyber criminals.
If a hacker gains access to a communication room, they can not only eavesdrop on conversations, they can also move through the network and potentially establish permanent access to sensitive information.
The big concern here is that today’s AV technology is rarely just one thing. Operating systems are now built into high quality microphones and video cameras, essentially making them minicomputers with capabilities beyond their use.
Hackers can take advantage of the sophistication of modern technology — especially as they know most are not aware of their full technical capabilities — and can access unsecured networks through any connected device. In short, it’s not just the traditional tech that instinctively comes to mind like laptops and mobiles that need to be secured.
To combat these risks, companies should implement the following measures:
1. Advanced security features
Choose AV solutions with built-in security, such as advanced encryption techniques and authentication options. These safeguards ensure that any device connecting to the corporate network is legitimate and that data remains protected from unauthorised users.
2. Comprehensive password management
Implement complex, non-standard passwords for AV devices and ensure employees follow suit. Consider using a centralised password management system to control access to critical devices and information.
3. Regular software testing
Routinely test AV software to identify and address potential vulnerabilities before they can be exploited. Adhering to industry-standard security benchmarks also helps to pre-emptively ward off attacks.
4. System lifecycle and updates
All AV systems will require updates – patches, service packs, driver updates, and so on. Is your company looking after these? Are they performed remotely?... Are you sure? Leaving systems unpatched can make them very appealing to attackers, especially as the system must connect to the outside world.
5. Training
Staff need to know the value of the information they are discussing and use the appropriate format. Would you have a conference call with the door open when discussing staff bonuses? Would you join a conference from an unsecured line, discussing transport of munitions for war?
6. Knowledgeable partners
Work with a trusted AV technology partner that not only understands the need for secure AV but has the experience and expertise to implement the right safeguards for your business.
As we rely more on AV solutions for communication, investing in robust security measures is crucial for guarding sensitive information and maintaining trust with both employees and clients.
Protecting sensitive audio and video data, securing communication rooms, and preventing unauthorised network access are all critical steps in securing an organisation's information and maintaining operational integrity.
For insight and guidance from Kinly's cybersecurity team on how to secure your AV networks through protection by design, check out our blog here.