The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) on Monday urged organisations using digital signage devices to enhance security measures and review best practices to protect against potential cyber attacks.

Alex Chan, the spokesman for HKCERT, said the use of digital signboards has increased significantly to engage customer interactions through digital advertising and public information, but warns that its growth comes with potential cyber risks.

HKCERT conducted a survey of 624 organisations across various industries, including retail, tourism and financial services and found that almost 40 percent of the companies they surveyed did not conduct risk assessments for their signages in advance.

He said the centre identified various vulnerabilities that require urgent remediation among digital signage usage.

"Someone uses a USB device that includes malicious content or also can
include some script, when they insert it into a digital signage with the USB port exposed, they can quickly replace the content," he said.

"For the infrared, it's another channel apart from the USB port the attacker can leverage, they can based on some infrared advice to emit some orders or instructions to the digital signage so that they would also, under the other malicious command, change the content of the digital signage."

He added that some digital signage systems also utilise weak encryption methods, which could potentially allow to hackers intercept, control or obtain network information.

Chan said companies need to increase their awareness and conduct the security measures recommended.

"Physically, they block the USB port, they stop the USB port autoplay functions, the infrared services, or maybe use a very strong username password for the content management system, or use a stronger encryption protocol so that it's not easy to eavesdrop on the content sent between the user computer, the Wi-Fi network, the content management system, and the digital signage," he said.

HKCERT said it handled over 12,000 security incidents in 2024, with phishing accounting for over half of all cases, marking a 108 percent increase from the year before.

Chan highlighted that looking ahead this year, supply chain security and AI content hijacking will become the primary cyber security risks in Hong Kong.

"Organisations and individuals must prepare by implementing appropriate cyber incident response measures, deploying suitable cyber security measures, conducting regular security audits and penetration testing, and understanding and preventing relevant risks," he said.