Hi everyone,
I’m a TouchDesigner user and I am currently completing a Master’s in Network and Security.
I am curious to know if any research project around Secure Architectures for Interactive Systems exists, research on security of protocols used in interactive software like touch etc… and I’m looking for real-world feedback on security of interactive installations.
It’s been a while since I am out of the media entertainment world but wondering how the remote monitoring of large permanent installation is done (VPN, MQTT, Cloud-sync, the observability with what ? Grafana or other in house solutions?) and what about the security of the IoT integration ?
I have a few questions for the community:
-
Is cybersecurity a topic that is ever discussed during your production phase ?
-
Does anyone know of cases where an interactive installation or a media server was hacked/compromised (locally or remotely)?
-
How do you handle remote monitoring/control securely when the installation is on a client’s public network?
I’m interested in any ‘stories’ or best practices you might have. Might be a cool subject of research.
Thanks. Jacob.
Hello,
Some personal answers. I work mainly for theater and dance, small productions, few or no internet connections very reduced risk.
1 Not at all, we just discuss about annoyance of personnal public devices trying to connect to the performance wifi.
2 No
3 Most of time, when working on real capitalistic enterprises (not theater or art galleries) the client network/security servicedoesnt allow me to connect on the client network. If the project really need it, they connect my machine respecting their protocols. When I need a quick link to internet, I normaly use a shared connection on my smartphone.
Thank you very much for your feedback Jacques !
It’s interesting for the performance wifi. This is a point of entry even for small installation. Do you cloak it to avoid those public device trying to connect ?
I haven’t made specific researches but just thoughts :
- protocols like OSC, DMX in art-net might present vulnerabilities that are usable remotly or directly on the installation space if network is not secured.
I will dig more into it and share it later.
I hide SSID to avoid phones pinging network and i activate password protection.
But I trust audience comming to performance and I hope they are more interested by what is on stage than hacking the network 
Yes the protocols are not secure but, as before, I never had or heard about damage provocked by the network and I hope it is continuing like that. I fear more somebody dripping beer or soda on my laptop !
I make continuous backup and i work in theater because it is less concurental/capitalistic than the real world, like a realized utopia.
I would tend to think like you, there are probably higher chances that a large commercial installations for airport, shops, etc… get hacked, and for simple reasons:
- this might impact more the reputation of a brand to do so
- this is larger reputation reward for a hacker to do so than hacking smaller artistic installations
- hacking an event installation for a very large and visible event or brand might be a great opportunity for hacktivist,
I have the intuition that security is not a priority on for interactive installation company (that have a ton of other things to think about).
We can find examples of digital signage hacked for displaying hate messages, or bus stop display hacked to make false warning and so on.
For example if I was paranoid, I could say that destroying sound system in a very large event by taking control of volume and diffused sound might hurt people.
Interactive installation is the base for smart environmment, like smart lounges in high end hotel, and much more… the more these environment are available the more attack surface and danger arise. As long as it stays small and artistic of course it doesnt represent that much of a danger. But as soon as it gets public and wide spread, it becomes a target.
Clients and compagny alike should be be careful of it… another case that comes to my mind. Let’s say the display installed by interactive installation company get hacked, display hate message and thus damage the brand reputation of the client. Who is legally reponsible ?
From what I see these kind of environment will be more and more in demands (at least in high end areas), which mean more possible targets That’s why I think it might be an interesting subject.