major vulnerability in clickshare presentation sharing device

Ethical Hackers Discover Major Vulnerability in Belgian Presentation Sharing Device

Last edited: December 17, 2019
Reading time: 2 minutes, 16 seconds

Have you watched or given a presentation lately? Chances are you’ve discovered the advantages of hassle-free content sharing that a wireless presentation device like ClickShare offers. Unfortunately, this device can also be tampered with, as discovered by ethical hackers recently.

Plugin, Click and Share

ClickShare is a system developed by Barco, a Belgian company that specializes in digital projection and imaging technology. It is one of the most popular presentation systems available today.

The system is very easy to use. Once the ClickShare app is installed on the required device, users simply plug in and connect. Next, with just a click, users can share presentations from any device to a presentation screen. The system can be used by up to eight presenters simultaneously on one or more screens.

It is ClickShare’s ease of use that has ensured it has found its way into over 700,000 meeting rooms around the world. ClickShare currently has approximately a 29% market share.

However, because of the systems increasing popularity and because it is used to share sensitive information, it is also a likely target for hackers.

Put to the Test

A group of ethical hackers from the Finnish security company, F-Secure, decided to put ClickShare to the test. To their surprise, they managed to “break into” the device and were also able to install so called “backdoors”. Backdoors allow hackers to easily return to hacked devices at a later stage.

It is important to note that hackers needed to be in the device’s vicinity to be able to hack it. Nonetheless, the devices can be hacked, and then hackers could:

  • Steal sensitive business information and sell it to competitors;
  • Possibly steal logins and passwords from users; or
  • Even install computer viruses on the computer and on the company’s network.

Barco NV emphasizes that none of their systems have actually been hacked. After the vulnerability was discovered and reported to Barco, the company immediately started working on an update to better secure its ClickShare systems.

Designed with Security in Mind

ClickShare uses various measures to guarantee maximum security, including:

  • Multiple layers of encryption;
  • Verification mechanisms, such as secure passwords and pin codes; and
  • Various predetermined levels of security, from unauthenticated access to requiring more and more stringent levels of authentication

It is recommended that users enable auto-update on ClickShare systems and ensure that units are not publicly accessible from the web. It is also recommended that users regularly change passwords and use secure passwords.

Furthermore, it is important to remember not to reuse passwords. 75% of people who use “password” for their email password, probably also use it for their LinkedIn, their virtual private networks (VPN) and a whole host of other accounts where they don’t want a stranger poking around.

Main author:

More articles from the ‘News’ section

Comments
Leave a comment
Leave a comment