Phil Hippensteel on AV Security Concerns

In this newsletter, my objective is to focus on the security of AV devices. However, I’m going to use an indirect approach to this topic. First, I’ll discuss an internet protocol and service that is absolutely critical to the proper function of nearly all IP networks, and especially to the use and function of the Internet. Then, we’ll turn our attention to an attack that denied the use of that resource for a period of time. Lastly, I’ll explain how AV devices played a critical part in the attack.

Domain Name Services (DNS) is vital to the operation of almost all IP networks. The only exception would be small isolated networks with a few devices that have no connection to other company networks or to the Internet. DNS capability is dependent on systems and devices across the globe. It is a stored, distributed database of names that relate or map those names to specific IP addresses. For example, I understand that the address is related to Google because DNS has the network address for the server in its database. Now, how is this distributed database critical to each of us? When I go onto the web and click on an icon or type a name such as into a browser address field, I have asked for a resource from a server. However, I don’t need the address of that server because DNS tells my browser it is at So, that’s where my request packets are sent. However, most people are surprised to learn that when you visit a typical home page of a company or college, your browser sends 12-18 DNS queries to obtain all of the resource files necessary to build that page for you. In other words, take away the DNS capability and you can’t browse or get resources from the Internet. Think about the impact of this function on customers who are looking at your company’s web site for products or services.
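To make the per-page DNS dependency concrete, the following added example (not part of the original newsletter) lists the distinct hostnames a browser must resolve to build one page; each needs at least one DNS lookup unless it is already cached. The sample page and every hostname in it are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags whose URL attribute the browser fetches while building the page.
# <a href> is excluded: a link is only resolved when the user clicks it.
FETCHED = {"script": "src", "img": "src", "iframe": "src",
           "link": "href", "video": "src", "source": "src"}

class _ResourceHosts(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.hosts = {urlsplit(base_url).hostname}  # the page itself

    def handle_starttag(self, tag, attrs):
        attr = FETCHED.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # urljoin resolves relative and protocol-relative (//host/...) URLs;
        # data: URIs have no hostname and are skipped.
        host = urlsplit(urljoin(self.base_url, url)).hostname
        if host:
            self.hosts.add(host)

def hostnames_needing_dns(html, base_url):
    """Return the sorted, de-duplicated hostnames the page load depends on."""
    parser = _ResourceHosts(base_url)
    parser.feed(html)
    return sorted(parser.hosts)

# Constructed sample home page (all names are placeholders).
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<link rel="stylesheet" href="https://fonts.example-fonts.test/css?family=Sans">
<script src="//cdn.example-cdn.test/jquery.min.js"></script>
<script src="https://analytics.example-metrics.test/tag.js"></script>
</head><body>
<img src="https://images.example.edu/hero.jpg">
<img src="data:image/gif;base64,R0lGODlhAQABAAAAACw=">
<iframe src="https://video.example-media.test/embed/1"></iframe>
<a href="https://partner.example.org/">Partner</a>
</body></html>"""

if __name__ == "__main__":
    for name in hostnames_needing_dns(SAMPLE_PAGE, "https://www.example.edu/"):
        print(name)
```

If the resolver for any one of these names is unreachable, the resources served from it fail to load, even though the web servers themselves are running.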

Now, let’s turn our attention to an attack on DNS that was very disruptive. On October 16, 2016, a denial of service attack was launched on Dyn, a major DNS service provider. This disruption caused many web sites to be nearly inaccessible for over two hours. Some of the companies affected included Fox News, Amazon, and PayPal. After a few hours, the attack was blocked, but it repeated two more times during the day. I have spent most of my career as a college professor. Therefore, I like multiple choice questions. Here’s one for you: The attack was primarily launched by

  • a. a clandestine, nation-sponsored group from the Pacific Rim, probably North Korea.
  • b. disgruntled computer science students.
  • c. compromising a large number of cameras and other embedded system devices.
  • d. a former employee of PayPal.
  • e. compromising a major retailer’s payment server.

The answer is C. Some reports indicate that the botnet of cameras and devices may have exceeded 100,000. That is, the attack could be launched because someone had control of this vast number of devices and could issue the attack command. Here’s the really scary part. The attack, named Mirai, worked by compromising the devices used in the attack with a list of 60 common username/password combinations set as factory defaults. The passwords were never changed by the users, and this made the devices vulnerable to the Mirai control server. The AV industry must stop shipping devices with default authentication combinations like admin/blank. At least one manufacturer of cameras has acted: it makes the initial use of the camera dependent on changing the password. I believe that is a major step in the right direction. However, as users, we must be informed enough to change the default to something that is not simple to guess. It certainly doesn’t reflect well on our business operations when it becomes public that our cameras were part of an attack that interrupted service to tens of millions of Internet users.
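The "change the password before first use" approach described above can be sketched as follows. This is an added example, not any manufacturer's firmware: the `CameraAccount` class, the deny-list and the 12-character minimum are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample of factory-default passwords; not the list used in the attack.
DEFAULT_PASSWORDS = {"", "admin", "password", "12345", "root"}
MIN_LENGTH = 12  # assumed policy value

def password_problem(username, candidate):
    """Return why a new password is unacceptable, or None if it is fine."""
    if candidate.lower() in DEFAULT_PASSWORDS:
        return "password is a known factory default"
    if len(candidate) < MIN_LENGTH:
        return f"password is shorter than {MIN_LENGTH} characters"
    if username.lower() in candidate.lower():
        return "password contains the username"
    return None

class CameraAccount:
    """Hypothetical account store for one device, shipped in a locked state."""
    def __init__(self, username="admin", factory_password=""):
        self.username = username
        self.must_change = True  # set at the factory, cleared only by set_password
        self._store(factory_password)

    def _derive(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _store(self, password):
        self._salt = os.urandom(16)
        self._hash = self._derive(password, self._salt)

    def login(self, username, password):  # -> 'denied' | 'change_required' | 'ok'
        good = hmac.compare_digest(self._hash, self._derive(password, self._salt))
        if not (good and username == self.username):
            return "denied"
        return "change_required" if self.must_change else "ok"

    def set_password(self, current, new):
        if self.login(self.username, current) == "denied":
            raise PermissionError("current password is wrong")
        problem = password_problem(self.username, new)
        if problem:
            raise ValueError(problem)
        self._store(new)
        self.must_change = False

    def services_allowed(self):
        return not self.must_change  # streaming/control stay off until changed
```

The important property is that the factory credential only unlocks the password-change step: a device that has never been configured exposes no streaming or control service that a default login could reach.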




