Business challenge

With thousands of network-connected advertising displays located around the world, the company has thousands of potential vulnerabilities that criminals could exploit.

Transformation

Quarterly penetration testing from X-Force Red helps the company identify and remediate vulnerabilities that could allow criminal attackers to replace advertising content with their own messages or video.

Results

Improves

the security posture of the company’s networks and digital signage solution

Helps prevent

highly visible attacks that could damage the company’s reputation

Helps avoid

regulatory fines that could result from a breach of personal data

Business challenge story

Protecting a network of interactive advertising displays

When you have thousands of streaming LED advertising displays located around the world, you have thousands of potential vulnerabilities and network entry points that criminal attackers can exploit. Moreover, local in-country technical teams may make infrastructure changes that increase the risk of criminal attackers taking over a display and replacing the advertising content with whatever message or video content they want. 

With its reputation potentially on the line, this worldwide advertising company turned to X-Force Red for penetration testing services. The company wanted the X-Force Red team of veteran hackers to identify security weaknesses in the displays themselves or in the custom network that streams advertising content to the displays, which range in size from 60 inches to 50 meters. The displays are located in malls, airports, on buildings and virtually anywhere a customer can think to mount them. 

We were able to take control of the advertising screens, which would allow us to change the content to anything we wished.

—X-Force Red consultant, IBM

Transformation story

Uncovering hidden vulnerabilities

When the company first engaged X-Force Red for penetration testing, it was very surprised at what the team found. The team's seasoned hackers took full control of the streaming devices tested and reverse engineered them to understand how they worked. X-Force Red then took control of the advertising screens, which would allow them to easily change the screens’ content.

An even bigger surprise for the company was the discovery of security issues on the content streaming network that could have led to a compromise of its internal network. These issues included user credentials and account details flowing over the content streaming network in clear text as well as other network security holes.

As part of the penetration testing service, X-Force Red delivered a report that included a detailed description of each vulnerability identified, enabling the company to quickly remediate the problem. The report also included recommendations for longer-term remediation such as deploying a patch management system. 

Since that initial testing experience, the company has retained X-Force Red to conduct quarterly testing at locations selected by the Chief Information Security Officer (CISO). X-Force Redhackers are typically onsite for four to five days, wherever that site may be—the rooftop of a building, in an airport that requires a security clearance for access to the runway where the signage is located, or on the street where there is no power for laptops. 

Most recently, X-Force Red tested a new signage installation in an airport in China. Other times the CISO has selected locations where countries have made modifications outside of the corporate IT-approved way of doing things, and where X-Force Red discovered security vulnerabilities.

An even bigger surprise for the company was the discovery of security issues on the content streaming network that could have led to a compromise of its internal network.

—X-Force Red consultant, IBM

Results story

Improving security posture globally

As a result of the security vulnerabilities identified by X-Force Red, the advertising company has been able to significantly improve the security posture of its internal network and global digital signage solution. Keeping on top of the ever-changing vulnerability landscape helps the company avoid the kind of highly visible attacks — compromising content appearing on the interactive signage displays — that can damage its reputation as well as the reputation of its customers. Improved internal network security also helps protect against data breaches, helping to avoid fines from regulatory organizations. 

About International advertising company

This advertising company is a world leader in digital display advertising, streaming content to LED displays that range in size from 60 inches to 50 meters. Displays are typically located in malls and airports and on exterior locations such as buildings and streets.

Take the next step

To learn more about X-Force Red penetration testing services, visit:  https://www.ibm.com/security/services/penetration-testing

Follow the "X-Force Red in action”podcast series to hear how X-Force Red is protecting clients.

For more information on IBM Security solutions and services, visit:  ibm.com/security. Follow us on Twitter at @IBMSecurity or visit our blog at securityintelligence.com.

View more client stories or learn more about IBM Security.