Cybersecurity risks have increased dramatically as a result of recent world events, especially with more people working remotely. According to Norton, more than half of all consumers have experienced a cybercrime, with one in three people falling victim to attacks in 2021 alone. It’s no surprise, then, that installers and end-users are increasingly concerned about how an AV-over-IP video distribution system could open up a home to greater vulnerabilities.
The cybersecurity risks, however, are very different than those posed by consumer-grade devices running on a simple home network. Let’s talk about what it would take to get into an AV network and the scenarios where there are real concerns.
Cybersecurity: Don’t Skimp on the Switch
There are many complex layers within a professionally installed home AV network. For somebody to hack an AV-over-IP video distribution system, they’re going to need to hack the network directly. To accomplish that, they must gain access to the network switch. The walls of an AV switch are incredibly fortified when an enterprise-grade switch is selected compared to something off the shelf from a big box store.
The best network switches from companies like Luxul, Netgear, and Cisco reinforce their switches with enterprise-grade security technologies that is trusted by commercial network administrators working at the highest levels. This becomes clear when looking at the laundry list of security measures that are built into these solutions.
Cisco Business 350 Series Managed Switches — one family of switches recommended for smaller scale AV-over-IP systems in homes — lists among its features advanced network security applications such as IEEE 802.1X, port security, Address Resolution Protocol (ARP) inspection, IP Source Guard, and Dynamic Host Configuration Protocol (DHCP) snooping, and detection and blockage of deliberate network attacks. Combinations of these protocols are also referred to as IP-MAC port binding (IPMB).
In addition, AV-over-IP systems can be set up to be completely isolated so that they are never exposed to the internet. This is commonly seen in government applications, where every device, protocol, and configuration method is highly scrutinized. In a residential application, it can help to eliminate any traffic congestion on the network. These measures mean that, essentially, to effectively hack the network, it would have to happen at the physical input; the hacker would have to be inside your home.
Let’s imagine for a second that a hacker made it that far and how that scenario would play out. There are two very real possibilities of what they might do; one situation is a nuisance, and the other is a more problematic and costly threat. More than likely, if they’ve spent all of that time and energy to break into your home, they’re not going to comb your network looking for the code necessary to mess with changing TV channels. Instead, they’re going to search for the homeowner’s data — checking for account passwords, credit card numbers, and Bitcoin information.
With the way AV-over-IP networks are setup, it’s much easier to attain that information by other means, such as through the home’s computers. Put plainly, if someone has broken into a home, they aren’t normally even going to attempt to hack the AV network looking for high value information.
When it comes to professionally installed AV-over-IP systems, there is this misconception that it functions the same way as a streaming device that homeowners can buy at the store. It’s important to stress the distinction between consumer-grade streaming devices and professional AV systems, especially because there is one very serious consequence of cord cutting today. Consumer-grade streaming devices, such an Apple TV, Roku, Chromecast, Amazon Firestick or TV Cube, and even IP-capable displays, can be taken over via their Wi-Fi-based screen-mirroring capabilities. Using the screen-mirroring capabilities of these media devices, hackers can push inappropriate content to the display. A professionally installed AV-over-IP system, utilizing not only an enterprise-grade switch but also a closed codec, eliminates this possibility.
Closed Systems Shield Data
In the era where more and more systems are becoming open source, there are areas where a proprietary, closed system makes sense. AV-over-IP is one such application. A closed codec helps to ensure that it integrates easily with the components and protocols that it’s supposed to and protects against those it’s not.
In addition to proprietary codecs, installers should seek out encoder manufacturers that prioritize the protection of data. The best system devices are those that never capture any data. And as the big data breaches in recent years have indicated, data is a high-ticket item.
The topic of cybersecurity is a conversation that installers should be prepared to talk about with their customers. However, not everything that’s on the network is going to be the same level of risk. Installers should be able to explain how an AV-over-IP system works, where the real dangers are, and how they can help prevent malicious activity — such as eliminating inappropriate content from being pushed to displays. These days, cybersecurity is a conversation that installers should risk having.
