Danger! Logic Bombs in Audiovisual Control Systems

So-called Logic Bombs haven’t quite found their way into audiovisual control systems yet, but just wait…The unprepared will suffer.

This article was originally published in Commercial Integrator on July 9, 2019

Logic bombs are a form of malicious code whose effects are purposefully delayed by design. The name “logic bomb” stems from the classic ticking bomb imagery often depicted in James Bond type movies. The logic bomb initially goes unnoticed during its dormant phase, and is triggered by elapsed time, a specific date, or some combination of inputs. Logic bombs are common in computer malware, but haven’t been reported in audiovisual control systems, so you have to use your imagination a little.

Here are a few examples:

  • A logic bomb could be programmed into an AV control system, so that after a projection screen is lowered and raised 100 times, the logic bomb is triggered, and the AV system no longer functions properly.
  • A logic bomb could be set so that it is triggered on a specific date some time in the future.The AV system works fine until July 1, 2020, and then suddenly, it stops working, even if the AV system is rebooted.
  • A logic bomb could also be triggered by a certain combination of inputs.

Let’s say you have a 4-way divide/combine space that is typically separated into 4 rooms, A, B, C and D. The system is tested and works when the rooms are separated or combined into 1. But when you try to divide the rooms into A&B and B&C, it suddenly stops working.

Any permutation of the three examples above could also be combined, making the logic bomb is harder to detect.

Logic bombs in computer systems are often triggered by a certain login. Imagine if every time a particular CEO used a video conference system, it recorded and/or streamed the call to a hidden endpoint.

Who on Earth would do this?

The answer is: anyone with malicious intent.

An external hacker who has infiltrated a business network could replace the audiovisual control system with similar code that includes a logic bomb, which could open a back door for them at a later date, and/or forward logins and other valuable information out through the firewall.

This would make the security breach harder to attribute to a specific IP address or individual.

Another scenario might be a malicious internal attacker. Perhaps an on-prem AV support technician asked for a raise and did not get it.

Once they found a new job elsewhere, the jaded individual could replace the AV control system code with one that included a logic bomb. The logic bomb could be set to go off during a big annual meeting, or gather valuable information that could then be sold to a company’s competitors.

AV integrators could also implement logic bombs to generate unnecessary service calls.

Most AV systems are warrantied for the first year. After a year, the client has an option to continue the service plan on an annual basis. If they don’t have a service plan, the customer has to pay for each service call that is placed.

The best defense against logic bombs are passwords that limit the access to the audiovisual control system code. Any device on the LAN should be locked down using access controls on network switches.

Customers should also demand uncompiled copies of the final AV control system code, and watch the AV integrator upload that code to the AV system at the very end of the project, so they know there are no logic bombs.

LOGIC BOMB in the form of binary code, 3D illustration

If you enjoyed this article, you might like these related posts:

My 3-Tiered Approach to Networked AV Security

Design Principles For Secure AV Systems

Identifying Cyber Attacks, Risks, Vulnerabilities in AV Installations

5 Steps to Better Cyber Risk Management

The Best Data Breach Incident Response Plans Require These Steps

 

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s