I was recently asked to provide asked to comment on this interview with AV Technology Europe. After doing this, I thought I would look into how secure the world is for the Audio Visual industry.
It’s 2020. Things for the world of AV isn’t in a great place still. After a simple Shodan search for some of the key manufacturers (such as AMX or Crestron), it’s clear to see that integrators and system installers are lacking the understanding critical security of these systems.
Just from searching Crestron on Shodan, there 23644 devices accessible from the internet. 23 thousand?! And we’re not just talking HTTP/HTTPS, we’re talking SSH, FTP and other various communication ports.
Some of this devices are protected by a mere simple username and password, or even worse – default configuration.
What is concerning for me is that some of the devices could be located in corporate and sensitive environments such as boardrooms or even education spaces.
I default think there is more can be done by Manufacturers to randomise default passwords, such as by using the serial number as the password. It’s not the best solution, but it would certainly disable those password library bots from taking over your video wall processor.