RESIDENTIAL AV-OVER-IP SYSTEMS: ARE THEY PUTTING HOMES AT RISK?
Taft Stricklin, Sales Team Manager at Just Add Power, examines a very topical security issue. Installers can advise homeowners on systems that will help protect their data and network from malicious activity.
Recent world events have spurred a drastic uptick in cyber security risks, especially with more people working remotely. According to Norton, more than half of all consumers have experienced a cyber crime, with one in three people falling victim to attacks in 2021 alone. It’s no surprise, then, that installers and end users are increasingly concerned about how an AV-over-IP video distribution system could open up a home to greater vulnerabilities. The risks, however, are very different from those posed by consumer-grade devices running on a simple home network. Let’s talk about what it would take to get into an AV network and the scenarios where there are real concerns.
HITTING THE SWITCH
There are many complex layers within a professionally installed home AV network. In order for somebody to hack an AV-over-IP video distribution system, they’re going to need to hack the network directly. To accomplish that, they must gain access to the network switch. The walls of an AV switch are incredibly fortified when an enterprise-grade switch is selected compared to something off the shelf from a big box store.
The best network switches from companies like Luxul, NETGEAR, and Cisco are reinforced with enterprise-grade security technologies that are trusted by commercial network administrators working at the highest levels. This becomes clear when looking at the laundry list of security measures that are built into these solutions. For example, the Cisco Business 350 Series Managed Switches, one family of switches recommended for smaller-scale AV-over-IP systems such as those seen in homes, list among their features advanced network security applications such as IEEE 802.1X, port security, Address Resolution Protocol (ARP) inspection, IP Source Guard, Dynamic Host Configuration Protocol (DHCP) snooping, and detection and blockage of deliberate network attacks. Combinations of these protocols are also referred to as IP-MAC port binding (IPMB). In addition, AV-over-IP systems can be set up to be completely isolated so that they are never exposed to the world wide web. This is commonly seen in government applications, where every device, protocol, and configuration method is highly scrutinised. In a residential application, it can help to eliminate any traffic congestion on the network. These measures mean that, essentially, to effectively hack the network, the attack would have to happen at the physical input. The hacker would have to be inside your home.
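How the binding features named above work together can be shown with a small model, added here as an illustration and not taken from Cisco or any switch vendor. The class, port numbers, MAC addresses and IP addresses are all constructed for the example, and 802.1X is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class BindingSwitch:
    """Simplified model of IP-MAC port binding; not any vendor's implementation."""
    trusted_ports: set                 # uplinks where the real DHCP server lives
    max_macs: int = 1                  # port security: MAC addresses allowed per port
    bindings: dict = field(default_factory=dict)  # port -> (mac, ip), from DHCP snooping
    seen: dict = field(default_factory=dict)      # port -> MACs learned on that port

    def dhcp_ack(self, ingress_port, client_port, mac, ip):
        # DHCP snooping: server replies count only when they arrive on a trusted port.
        if ingress_port not in self.trusted_ports:
            return "drop: DHCP snooping"
        self.bindings[client_port] = (mac, ip)
        return "bind"

    def frame(self, port, src_mac, src_ip, arp_sender=None):
        if port in self.trusted_ports:
            return "forward"
        macs = self.seen.setdefault(port, set())
        # Port security: refuse a new MAC once the per-port limit is reached.
        if src_mac not in macs and len(macs) >= self.max_macs:
            return "drop: port security"
        macs.add(src_mac)
        # IP Source Guard: source MAC and IP must match the snooped binding.
        if self.bindings.get(port) != (src_mac, src_ip):
            return "drop: IP Source Guard"
        # ARP inspection: the (mac, ip) claimed inside an ARP payload must match too.
        if arp_sender is not None and arp_sender != self.bindings[port]:
            return "drop: ARP inspection"
        return "forward"

def run_demo():
    # Constructed sample traffic: port 1 is the trusted uplink, port 5 an AV encoder.
    enc_mac, enc_ip, gw_ip = "02:00:00:00:00:05", "192.0.2.50", "192.0.2.1"
    sw = BindingSwitch(trusted_ports={1})
    return [
        sw.dhcp_ack(1, 5, enc_mac, enc_ip),                        # legitimate lease
        sw.frame(5, enc_mac, enc_ip),                              # normal encoder traffic
        sw.dhcp_ack(7, 8, "02:00:00:00:00:08", "192.0.2.99"),      # reply from a wall port
        sw.frame(5, enc_mac, gw_ip),                               # spoofed source IP
        sw.frame(5, enc_mac, enc_ip, arp_sender=(enc_mac, gw_ip)), # forged ARP claim
        sw.frame(5, "02:00:00:00:00:66", enc_ip),                  # second device on port 5
    ]

if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

Each dropped event maps to one of the listed features, which is why a device plugged into an access port cannot simply claim another device's address.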
THE CALL IS COMING FROM INSIDE THE HOUSE
Let’s imagine for a second that a hacker made it that far and how that scenario would play out. There are two very real possibilities of what they might do; one situation is a nuisance, and the other is a more problematic and costly threat to recover from. More than likely, if they’ve spent all that time and energy to break into your home, they’re not going to comb your network looking for the code necessary to mess with changing TV channels. Instead, they’re going to search for the homeowner’s data, checking for account passwords, credit card numbers, and Bitcoin information. With the way AV-over-IP networks are set up, however, as explained above, it’s much easier to obtain that information by other means, such as through the home’s computers. Put plainly, if someone has broken into a home, they aren’t normally even going to attempt to hack the AV network looking for high-value information.
When it comes to professionally installed AV-over-IP systems, there is a misconception that they function the same way as a streaming device homeowners can buy at the store. It’s important to stress the distinction between consumer-grade streaming devices and professional AV systems, especially because there is one very serious consequence of cord cutting today. Consumer-grade streaming devices, such as an Apple TV, Roku, Chromecast, Amazon Firestick or TV Cube, and even IP-capable displays, can be taken over via their Wi-Fi-based screen-mirroring capabilities. Using the screen-mirroring capabilities of these media devices, hackers can push inappropriate content to the display. A professionally installed AV-over-IP system utilising not only an enterprise-grade switch but also a closed codec eliminates this possibility.
ENCODING DATA SECURITY
In an era where more and more systems are becoming open source, there are areas where a proprietary, closed system makes sense. AV-over-IP is one such application. A closed codec helps to ensure that it integrates easily with the components and protocols it’s supposed to and protects against those it’s not. In addition to proprietary codecs, installers should seek out encoder manufacturers that prioritise the protection of data. The best system devices are those that never capture any data. And as the big data breaches in recent years have indicated, data is a high-ticket item.
The topic of cyber security is a conversation that installers should be prepared to have with their customers. However, not everything that’s on the network is going to carry the same level of risk. Installers should be able to explain how an AV-over-IP system works, where the real dangers are, and how they can help prevent malicious activity, such as inappropriate content being pushed to displays. These days, it’s a conversation that installers should risk having.