It hasn't been a great couple of weeks for cybersecurity in the AV industry. Draper's communication systems were ransomwared, Logitech's Unifying USB dongles were found to have security flaws and, of course, Zoom's ubiquitous UC software was found to have a vulnerability that allowed users' webcams to potentially be taken over by a third party. Andrew Davis' piece, Imminent Disaster — The Looming AV Threat, talks about how pro AV already takes basic physical security seriously, like using security screws to make sure a display can't be easily stolen — why can't the same be done with cybersecurity? Just changing the default password on devices is easy and makes a huge difference, and yet it's not always common practice. Paul Konikowski also explains what happened in all three cases (Draper, Logitech, Zoom) and talks about how the companies responded (and what lessons were learned). All AV manufacturers — well really, all companies — should read his piece, because it's a matter of when (not if) this happens to another.
In the cases of Zoom and Logitech, the flaws were discovered by researchers, not because of an attack. We're lucky every time this is the case (as it was in the case of the wireless presentation device problem earlier this year), because it's another opportunity to be proactive before there's major damage done to companies and systems, or worse, users. I really hope everyone is paying attention here. If this month (or year, really) hasn't been a wake-up call, then I don't know what is.