Barco announced this week that a security vulnerability was discovered within its ClickShare product, which is fixed with an update available immediately, ClickShare update 1.9.1. This vulnerability was discovered by security consultants F-Secure through a process known as “ethical hacking.”
“In October of this year, consultants from reached out and shared that they had managed to gain access to our ClickShare solution,” said Michael Vanderheeren, director of product management. “By upgrading to our 1.9.1 software release, customers can further harden their devices and continue enjoying the best experience and security on their ClickShare. We strongly recommend all customers to upgrade to this latest version.”
Updating ClickShare units can be done through the ‘auto-update’ function in the product, or by using the free XMS (Cloud) Management platform. For units that are not connected to the network, updates can be downloaded and installed from here.
You may recall a series that our editor, Sara Abrons, wrote earlier this year about all the security issues the AV industry faces as we add more network-enabled AV gear to systems, particularly with regards to OEMs. If you haven’t read that, and the stories linked inside it, you should. It specifically referenced a security issue Barco had with regards to its wePresent product, which also existed in several OEM versions on the market under different manufacturer brands.
According to Barco, the ClickShare products are designed with security, privacy and confidentiality in mind, and with every quarterly software release, new features and fixes are added to the product range. Next to being ISO27001 certified, Barco also has a Product Security Incident Response Team (PSIRT). The PSIRT continuously monitors privacy and security risks on the portfolio and drives security improvements to ensure ClickShare continues to be a trusted wireless collaboration tool.
PSIRT expert David Martens adds: “Security flaws always sound very scary, as most of us think of intercepting information, installing malware or retrieving passwords. To date, we have not received any reports of vulnerabilities being exploited in the wild, and when upgraded to the 1.9.1 software, the only way to get access to confidential information will be through physical access to the ClickShare Base Unit. Simply put: unless you tamper with the electronics inside the Clickshare hardware, you will not get access to any information.”