Knowledge Base

Player Hardware Security/Threat Prevention

Tags: security patches updates antivirus spectre meltdown

Description

How can I secure/prevent threats against my Player Hardware?

Resolution

EngagePHD is supported across a wide variety of hardware platforms. Unless your 'Player' is used for touchscreen interactive applications, the devices are at minimal risk since they are configured for one sole purpose and no-one will be using them to browse the Internet etc... and unnecessarily expose the device to threats. However Ping HD is not responsible for supporting/providing patch updates and antivirus solutions on your hardware, but we do recommend you consider threat mitigation.

Below we list the different hardware/operating system versions supported and our recommendations to minimize/prevent risk from cyber threats:

Microsoft Windows

Window's XP is no longer supported by Microsoft and EngagePHD, so Microsoft will not be issuing any security patch updates.
Since your Window's devices are being used for Digital Signage, we do not recommend having your Windows settings set to allow automatic Windows updates as you wouldn't want the Player to reboot at a critical time during your event/service/etc... however we do recommend that you manually apply critical Windows updates at a convenient time.
With Windows 7 and 10 (all variants) we recommend installing Anti-Virus software on your devices based on your corporate policy or preference.
If your Windows Device is being used for Touch Screen applications by the public, then please review Windows 10 Touch Screen Security Configuration Recommendations

Android (Generic)

EngagePHD is supported on Android version 4.4 and later.
We recommend installing Anti-Virus software on your devices based on your corporate policy or preference.

Android (Cenique/Inreality C610)

Specific to the Spectre/Meltdown threat, C610's use the ARM RK3288 chipset which are not vulnerabe to the Spectre/Meltdown attacks.
It is NOT on the list of vulnerable processors
Refer to the following documentation provided by the manufacturer:
- Platform Security
- Security Measures

BrightSign

Please refer to BrightSigns security recommendations - http://docs.brightsign.biz/display/DOC/Security

LG webOS

Specific to the Spectre/Meltdown threat, ARM’s Cortex-A53 (webOS) is one of the few chipsets that are not vulnerable to Spectre/Meltdown attacks.
webOS provides security features including:

- Platform security
* Sandboxing – jailer
* MD5/AES decryption API

- Network security
                * HTTPS (TLS v1.2)
                * SSC (self-signed certificate)
                * proxy and exception domain
                * port control

LG webOS is certified for UL2900, the new standard for software cybersecurity for network-connectable products that was published in July 2017. The certificate covers webOS 3 and 4.0.

Samsung SSP (Tizen)

Tizen v 2.4 and later is first and currently the only commercial platform that is CCC security certified. Additionally the Samsung KNOX architecture is US-DOD approved and applied to Smart Signage Platform v4 and later.
Specific to the Spectre/Meltdown threat, Samsung state there is no vulnerabilty on any SSSP product from SSSP 2.0 (D Series) through to SSSP 5.0 (2nd Generation Tizen) and subsequent releases.

For information about network security, please review Network Requirements / Firewall Configuration

For information about EngagePHD web application security, please review EngagePHD Application Website Security