One of Canada’s largest digital signage providers was hacked last week. Instead of displaying menus and promotions, some screens showed messages supporting “Liberate Palestine.” This serious security incident showed once again that IT security is only as good as its weakest link.
According to IBM, phishing scams are the leading initial attack vector, responsible for 41 percent of all IT security incidents. Other studies show that phishing is even responsible for up to three-quarters of all IT security attacks.
A successful phishing/social engineering attack was also the root-cause for the largest known digital signage hack of the year so far. A Canadian digital signage network operator was compromised last Thursday. Via a phishing attack unknown individuals gained unauthorized access to several of the network operator’s cloud-based IT systems as well as the two on-premise digital signage platforms. The hackers changed the content on hundreds of screens to display a call to “Free Palestine.” First photos and videos were shared on social media within minutes of the hack.
Cyber security is essential
The security incident demonstrated again how important it is to keep IT systems up-to-date and that modern IT security features such as two-factor authentication should be fully implemented. This is why security certifications like SOC 2 Type 2 or even better ISO 27001 – the gold standard for infosec compliance internationally – are so crucial (Comparison Soc2 vs ISO27001). IT security processes on both the digital signage provider and customer side must be state-of-the-art and regularly monitored and certified.
As invidis learned, the CMS platforms themselves were not compromised in any way. Instead, a user account on the customer managed on-premise installation was “hacked.” A reminder that integrators / end-user should configure CMS platforms to provide maximum security, e.g. enabling features like multi-factor authentication (MFA), managed single-sign-on (SSO), IP-restrictions as well detailed content approval workflows, user views, and roles.
Today’s success of digital signage is mostly based on the visibility and the relevance of the information displayed. Many networks have become business critical, which means they require professional IT security. However, in the digital signage industry—mostly made up of medium-sized companies—ongoing cybersecurity management services are still uncommon. In contrast, continuous remote management of devices, networks, and security is standard practice in the broader IT industry.
At DSS Europe 2025 (May 21-23), our main focus will be on managed signage with AI and cybersecurity. We will analyse recent security hacks with industry experts and IT security specialists and provide recommendations for action.
