AV Security Best Practices
Once again an audiovisual manufacturer is the subject of a hacking article on a tech press website. This time Crestron was featured during a Def Con session on hacking the control company’s products. Crestron had already fixed the exploit with a firmware update but it gives us the chance to talk about best practices in AV security. Our panel also discusses the benefits of regional and local experience centers. Plus ideas to get more AVIXA APEx certified commercial integrators.
Host: Tim Albright
- Megan Dutta – SCN
- Luke Jordan – Luke on Twitter
- Clint Hoffman – Kramer U.S.
Links to sources:
- Wired – Crestron hacked at Def Con
- inAVate – New European AVIXA APEx integrator
- AVNation TV – NEC’s new experience center
- Both Crestron Electronics and Kramer Electronics are underwriters of AVNation TV. For more information about our underwriting program click here.
- AVNation did reach out to Crestron for a spokesperson for this episode. They chose to respond in writing.
- Crestron’s statement on the Def Con hack and Wired article: “An article was published in Wired magazine late Friday regarding a presentation at the DefCon hacking conference in Las Vegas. The article and presentation described a hypothetical impact of an already corrected security vulnerability pertaining to some of Crestron’s products.In keeping with our commitment to security, we discovered potential issues and corrected them in May 2018 via a firmware update to all of our dealers and integrators.It is important to note that, in the hypothetical scenario outlined by the Wired article, that Authentication was not enabled on the tested Crestron devices. Authentication has been available for almost a decade on Crestron products and, when enabled, the scenario detailed in the article is not possible. In addition, the updated firmware we released in May eliminated any potential security risks.
Crestron considers the security of our products paramount. In fact, our products are built with the best security in the industry. Crestron sets the gold standard for network security by leveraging the most advanced technologies including 802.1x authentication, AES encryption, Active Directory® credential management, JITC Certification, SSH, secure CIP, PKI certificates, TLS, and HTTPS, among others, to provide network security at the product level. Quite simply, the Crestron security feature set is unmatched in the industry.
We encourage anyone who has questions regarding the security of their Crestron devices to visit this page, and/or reach out to our TrueBlue Customer Support Team.”