At a recent cybersecurity conference (DEFCON), security researcher Ricky Lawshae taught a session called “Who Controls the Controllers — Hacking Crestron IoT Automation Systems” that showed how vulnerabilities in touch panels could be exploited to do everything from access user passwords to take over the network that the touch panel is controlling to even being used for audio or video surveillance. Yikes. This conference was just last week and Crestron has already released a mandatory patch that they say fixes the issues.
Crestron, obviously one of the largest companies in our industry, was probably picked on because their size and reach makes them an appealing potential target for hackers. That means they also had the resources to push out a fix very quickly. As more and more AV systems become network-based, there will be more risks for clients, and both AV integrators and manufacturers of network-connected AV equipment need to be ready to quickly address issues that come up, as well as protecting against them in the first place. Mark Coxon has some thoughts on this, so be sure to read his most recent column.
Lee Distad also talks about why integrators might want to partner with a buying group, and we have a lot of pre-CEDIA news. Enjoy the issue!