Facial Recognition Raises Security Stakes on Digital Signage

Facial recognition software is being embedded in digital signage to deliver a more personalized audience experience.

The medium is already a target for cyber attackers and mischief makers. Adding facial recognition into the mix potentially increases the risks.

As part of the Internet of Things (IoT), digital signage ought to have security built-in by design.  But this is often not the case.

Digital signage companies can assure the privacy of any personal data collected via facial recognition by encrypting the connections between all remote endpoints and central control. 

A tried and tested way to achieve this is with enterprise-class virtual private networking (VPN) software.

Signs of the Times

Recent advances in artificial intelligence (AI), processing power and high-resolution cameras are coming together to make digital signage with facial recognition capabilities a viable option for certain applications.

Retailers, for example, want to use it to target shoppers in real time with age/gender-related advertising.

Airports are considering automated terminals with facial recognition technology to let passengers check-in, pass through border controls, receive personalized flight information from digital signage and self-board.

Restaurants anticipate using signage with facial recognition to build up customer profiles. The information could help them give customers personalized suggestions based on their menu preferences.

Meanwhile, the U.S. government has demanded that facial recognition identification of all international passengers, including American citizens, be implemented in the top 20 US airports by 2021.

Moves like this encourage technology firms to promote remote facial verification for a wide range of applications.

Conflicting Priorities

Digital signage is a very public medium. This makes it a very tempting target for cyber attackers.

Incidents in recent years, billboards in Malmö, Sweden, and at Union Station in Washington, D.C. have been hacked with pornography.

In Vietnam information screens at two of the largest airports were hijacked. In addition, new malware variants aimed at enterprise assets like digital signage are appearing all the time. 

Against this backdrop, organizations seeking to match facial recognition technology with personal information they hold on customers or citizens are raising the stakes substantially. People’s privacy could suddenly be placed in jeopardy.

Yet, most digital signage firms have conflicting priorities. Companies usually come from a background in audio-visual (AV) or marketing/advertising. Their priority is to maximize campaign effectiveness for a given budget.

Security for data privacy is often left to an in-house IT department or to a third party cloud service provider.

Lock Down Data Security

Advances in facial recognition technology are arriving at a time when there is growing public concern over how organizations are collecting their data and what it is being used for. Regulatory pressures are also mounting.

It follows that digital signage companies need to take the utmost care to prevent their new facial recognition applications falling victim to a data privacy breach. 

Digital signage, in common with any other IoT device, requires built-in security against remote attacks.

Simple first steps should include ensuring sotware is updated regularly and on time, locking down any open ports and changing default security settings.

Other considerations are network segmentation for diigital signage players, disabling Bluetooth connectivity and implementing intrusion detection systems (IDS) capable of detecting/preventing zero day attacks.

Furthermore, all remote signage devices should be authenticated to prevent non-authenticated devices being able to connect to the network.

And finally, communications between the remote devices and their central control point should be encrypted to prevent attackers from intercepting any personal data being shared.

Recognizing the Merits of VPN

The best way to encrypt communications between client signage devices and their central control hub is with a VPN.

Encrypted data passing between digital signage devices is rendered indecipherable to outside parties thereby preserving the privacy of any personal information collected or shared as a result of facial recognition technology.

Professional, enterprise-class VPNs use military-grade encryption and are capable of managing many hundreds of remote devices from a single, central point of control.

It is also a good idea to use a form of digital assurance known as certificates to authenticate the identity of every remote signage device.

Securing the identity of devices in this way prevents imposters from being able to use a dummy identity to intercept private information passing across the network.

In summary, AI is combining with new advances in computer processing and camera performance to make the prospect of digital signage with facial recognition technology a reality.

Digital signage has already proved to be vulnerable to attack. With the addtion of facial recognition capability the risk of consumers’ personal privacy becoming compromised rises substantially.

A professional VPN is a vital component in any security strategy.

In addition to encrypting and securing communications to and from remote signage devices, a professional VPN can help to authenticate devices to make personally identifiable information (PII) unintelligible to any unauthorized party trying to access it.