May 21, 2019

On the security of ClickShare

ClickShare

3 min read

Designed with security in mind

Barco products are designed with security in mind. Both in hardware, software and even on a process level. We value your security, privacy and confidentiality, so we develop our products with the utmost respect.

As a result we provide more than 500.000 meeting rooms with secured and certified hardware. Our customers can benefit from choosing their own security levels, there are multiple layers of encryption and thoughtful implementation of verification mechanisms like a pin-code. An approach that has been supported and appreciated by the market – that’s not willing to accept hardware running on Android platforms with pin-codes that can be easily forced.

Early 2019 Barco also received the ISO27001 certification for the ClickShare product line ensuring we handle both data and security within the aspects of an industry standard process.


On Security Flaws Found in Wireless Presentation Devices

Beginning of May 2019 researchers at Tenable disclosed 15 critical vulnerabilities found in eight different Wireless Presentation and Collaboration systems. Both ThreatPost as well as Security Week covered these findings extensively. While any security vulnerability found leaves its mark on the industry, we would like to grasp this opportunity to stress the importance of the security topic.

"You can never claim you are 100% secure. What we have to ensure, therefore, is that we are proactive and that our response is ready to swing into action at short notice. For that, these risks must be acknowledged and the right mitigations and processes have to be in place."

- David Martens, Product security architect

The fact that a patch for these vulnerabilities has been released on our Barco WePresent solutions before the article was even published is a confirmation of our commitment to security and its corresponding process.


A continuous threat to collaboration

Nevertheless, security is a continuous topic and threat throughout the lifecycle of a product. Threat modelling is being applied to the ClickShare and wePresent products and penetration tests performed but not everything is known at the time a product hits the market. A good example is how the market was hit by the WPA2 crack – while Barco ClickShare products already had an extra layer of security when sharing, reducing the impact drastically, the issue was solved within the next week.

The solution lays in collaboration between manufacturer, channel and customer to in reduce potential threats and in the response towards any security vulnerability found.


Collaboration is the way forward

At Barco we provide regular, free software updates to improve our products and solve these vulnerabilities as soon as we are aware of them. All our products sold today include software updates throughout the lifetime of the product providing you the best possible experience.

However, limiting the threat of possible vulnerabilities is a collaboration of many. While we have implemented measurements like auto-update to ensure all your devices are always up-to-date, the following advice can help you to regain your peace of mind on any security concerns.

  1. Enable auto-update. While all of our units come with auto-update out of the box enabled we encourage you to review the settings and connect your Barco product to the network. This will both allow you to monitor your device through XMS as well as enjoy managed updates by Barco.
  2. Collaborate with IT. Ensure that the devices, when connected to the network are not publicly accessible from the World Wide Web preventing unauthorized access. Discuss which network configuration is required for an optimal experience both with the ClickShare Button as well as with our Apps. You can find all details in our networking deployment guide.
  3. Collaborate with Security. We advise our customers to execute a penetration test on any product they have on their shortlist. Barco executes both internal and external penetration tests on both hardware and software products and our internal team is willing to collaborate with you on providing the necessary details and products to do your validation.
  4. Collaborate towards a solution. We always encourage our customers to speak up about any possible vulnerability found and reach out the manufacturer of the product. Solving security vulnerabilities requires communication between both parties, preferably even through a secure channel which we can help you to set up.

Read more on ClickShare security?


Source:
https://www.securityweek.com/many-vulnerabilities-found-wireless-presentation-devices
https://threatpost.com/bugs-wireless-presentation-systems/144318/

Stay in touch

Receive the latest news about our service & products 

we will not share your e-mail address with 3rd parties