Danger! Logic Bombs in Audiovisual Control Systems

So-called Logic Bombs haven’t quite found their way into audiovisual control systems yet, but just wait…The unprepared will suffer.

This article was originally published in Commercial Integrator on July 9, 2019

Logic bombs are a form of malicious code whose effects are purposefully delayed by design. The name “logic bomb” stems from the classic ticking bomb imagery often depicted in James Bond type movies. The logic bomb initially goes unnoticed during its dormant phase, and is triggered by elapsed time, a specific date, or some combination of inputs. Logic bombs are common in computer malware, but haven’t been reported in audiovisual control systems, so you have to use your imagination a little.

Here are a few examples:

  • A logic bomb could be programmed into an AV control system, so that after a projection screen is lowered and raised 100 times, the logic bomb is triggered, and the AV system no longer functions properly.
  • A logic bomb could be set so that it is triggered on a specific date some time in the future.The AV system works fine until July 1, 2020, and then suddenly, it stops working, even if the AV system is rebooted.
  • A logic bomb could also be triggered by a certain combination of inputs.

Let’s say you have a 4-way divide/combine space that is typically separated into 4 rooms, A, B, C and D. The system is tested and works when the rooms are separated or combined into 1. But when you try to divide the rooms into A&B and B&C, it suddenly stops working.

Any permutation of the three examples above could also be combined, making the logic bomb is harder to detect.

Logic bombs in computer systems are often triggered by a certain login. Imagine if every time a particular CEO used a video conference system, it recorded and/or streamed the call to a hidden endpoint.

Who on Earth would do this?

The answer is: anyone with malicious intent.

An external hacker who has infiltrated a business network could replace the audiovisual control system with similar code that includes a logic bomb, which could open a back door for them at a later date, and/or forward logins and other valuable information out through the firewall.

This would make the security breach harder to attribute to a specific IP address or individual.

Another scenario might be a malicious internal attacker. Perhaps an on-prem AV support technician asked for a raise and did not get it.

Once they found a new job elsewhere, the jaded individual could replace the AV control system code with one that included a logic bomb. The logic bomb could be set to go off during a big annual meeting, or gather valuable information that could then be sold to a company’s competitors.

AV integrators could also implement logic bombs to generate unnecessary service calls.

Most AV systems are warrantied for the first year. After a year, the client has an option to continue the service plan on an annual basis. If they don’t have a service plan, the customer has to pay for each service call that is placed.

The best defense against logic bombs are passwords that limit the access to the audiovisual control system code. Any device on the LAN should be locked down using access controls on network switches.

Customers should also demand uncompiled copies of the final AV control system code, and watch the AV integrator upload that code to the AV system at the very end of the project, so they know there are no logic bombs.

LOGIC BOMB in the form of binary code, 3D illustration

If you enjoyed this article, you might like these related posts:

My 3-Tiered Approach to Networked AV Security

Design Principles For Secure AV Systems

Identifying Cyber Attacks, Risks, Vulnerabilities in AV Installations

5 Steps to Better Cyber Risk Management

The Best Data Breach Incident Response Plans Require These Steps

 

Design Principles for Secure AV Systems

Secure AV systems start with smart design. Here are some standards that’ve been around forever but easily apply to modern audiovisual projects.

This article was originally written by Paul Konikowski, and published on Commercial Integrator on March 1, 2019

In my last CI article, we reviewed cyber threats and vulnerabilities in AV systems. Many of the known vulnerabilities, or “vulns” can be fixed with a firmware upgrade, securing your network, and/or enabling passwords; but what else can AV manufacturers, consultants, and integrators do to achieve secure AV systems?

One thing that can be done is to adopt a secure mindset from the get-go when designing secure AV systems, keeping the following design principles in mind.

These principles were outlined by Jerome H. Saltzer and Michael D. Schroeder in an IEEE paper way back in 1975. We will apply those secure design principals to AV systems here.

Economy of mechanism

Keep designs simple, which also means keeping your programming code as small as possible, making it easier to test and analyze. Simpler design means that less can go wrong.

Fail-safe defaults

The default access to a resource should be no access. A good example of something that violates this principle is a wireless router that does not require a password and/or encrypt the traffic by default.

Complete mediation

This means every access to a resource is checked against the access control mechanism, every time, and all attempts to bypass security are prevented.

Open design

“Security by obscurity” does not work. Adapt an open-source attitude so your security does not depend on secrecy. Code and designs should be open for scrutiny by your community. It’s much better to have a friend or colleague find an error, then it is to wait for a bad actor to discover it.

Separation of privilege

Access to rooms, systems, or files should depend on more than one condition. If someone gains access to the AV rack, can they simply access the components using a console cable? Or did you go a step further, and enable passwords, as well as encryption of those passwords?

Least privilege

Users (and programs) should only be given the minimum access rights to complete their tasks. The default access should be none, and then access should be granted as needed, on an individual basis, or based on well-defined roles within the organization. Temporary access can also be granted.

Least common mechanism

This means that one should minimize the amount of mechanisms and/or equipment that is used by more than one user. A good example of this would be a “room PC” in a training room used by multiple instructors. Does each instructor log in with their own credentials?

Psychological acceptability, a.k.a. ease of use

Users will avoid security measures that get in the way of convenience. A physical analogy would be a dead bolt that requires a key on both the outside and the inside. Some people won’t bother locking it from the inside, especially if their key gets stuck in the lock.

Other best practices like layering, isolation, encapsulation, modularity, and auditability should also be kept in mind.

If you enjoyed this article, you might like these related posts on PKaudiovisual:

Identifying Cyber Attacks, Risks, Vulnerabilities in AV Installations

5 Steps to Better Cyber Risk Management

The Best Data Breach Incident Response Plans Require These Steps

 

The Anatomy of an AV Integration Project

Like most audio/video (AV) integrators, we have been quite busy this summer. My company is taking on more projects than ever before, and I explained to my Engineering team that this is analogous to eating a big Thanksgiving dinner: the more food you eat in a given meal, the more likely your stomach will be in pain as you process all of that food.

Let’s flesh out this analogy: the more we eat (Sales), the more likely our stomach (Engineering and CAD) will hurt, and it is difficult to speed up that process . The only thing we can do to increase our overall metabolism (or so called ‘bandwidth’) is to try and exercise more often; exercise = training. And just like exercising, integration engineers need to make/find the time for training, to keep the process moving at a good pace.

If your Sales department is the mouth of the process, and Engineering/CAD is the stomach, then the next step is the process is Purchasing, which would be the small intestine. Some products have long lead times, others may be more readily available, and will move more quickly through the intestines, like liquids. The point is, the purchasing and receiving process usually takes a while, and largely depends on the Engineering to have things ready to go. If the stomach stops working, then nothing gets to the intestines.

According the Wikipedia, “[the] large intestine, also known as the large bowel or colon, is the last part of the gastrointestinal tract and of the digestive system in vertebrates. Water is absorbed here and the remaining waste material is stored as feces before being removed by defecation”. In our AV project analogy, the large intestine represents the rack building and programming of the DSP (digital signal processor) and/or control systems. The rectum represents the testing that happens before the installation begins.

At this point in the analogy, I need to be very careful to not offend anyone. To put it simply, the field installation teams are by far the most important part of the process, because without them, the rest of the process would get backed up. The project managers and installers don’t determine what projects we take on (eat), and yet they are the ones that inevitably have to deal with the … well, you get me. When they are finished, the integration process is essentially done. If Sales goes after junk-food-type projects, or if the Engineering and Purchasing departments make mistakes, you can expect some flatulence. Although it may be too late to fix the current project, the rest of the body will learn to take on jobs that are more healthy, and cause less pain.

So, are we finished here? Not yet! Assuming the system has been fully tested, the client needs to be trained, and the as-built drawings and manuals need to be delivered. Skipping this part of the process would be analogous to not using any toilet paper. You need to clean up! Some audiovisual integration companies are very faster than others in completing this step, others may take longer because they are more thorough. But no matter how long it takes, don’t skip this step! If you do, your clients will likely think that you stink. :)