Confidentiality, as defined, means: “any information that cannot be revealed to an unauthorized subject”, with the main goal being to maintain the privacy of said information. The “subject” in this definition refers to an individual, a group, or a system. Generally speaking, commercial organizations that are sensitive to even the slightest risks will institute several protective measures to prevent sensitive or confidential information from being viewed or used by unauthorized individuals. Commonly seen invasive behaviors that purposely violate confidentiality include password phishing files, social engineering attacks, shoulder surfing, eavesdropping, and others. Outside of these, there are also non-invasive behaviors that can lead to unauthorized individuals obtaining confidential or sensitive information, including human error, lack of oversight leading to mistakes, employee ineptitude, and so on.
Integrity, as defined, means: “requiring that measures which amend the handling of any confidential information be authorized and not falsified”. Its main goal is to maintain the veracity, consistency, and completeness of said information. Commonly seen behaviors that violate integrity include falsifying confidential information, deleting classified documents, and others.
Availability, as defined, means: “when authorized personnel are able to freely view and use confidential information without interruption”, with the goal of maintaining the normal flow of business. Commonly seen invasive behaviors that violate availability include denial of service attacks and communication interruptions. Outside of these, accidents and natural disasters can also prevent information from being freely viewed without interruption, for example short circuits, power outages (from the accidental cutting or damaging of power lines), earthquakes, hurricanes/typhoons, equipment failure due to overuse, and others.
We define the information and assets that should be protected based on these guidelines, where the assets may include things like company-issued computers, operating systems, equipment that may hold a company’s confidential documents, and the like. For this reason, starting from 2015, at the inception of the InstaShow design process, we took into consideration a company’s need to protect its important assets and information, so as to ensure that, as a piece of equipment, InstaShow would not act as a hole in the company’s information safety net. As a result, we sacrificed the use of a USB connection and executable files in the development of InstaShow, both of which were considered mainstream technologies in the market at that time. We were adamant in our belief that any method used for wireless casting that required executable files and/or drivers would include the risks shown below.
By simply relying on transmitting what’s displayed on the screen and not requiring the use of drivers or software, InstaShow can prevent the installation of any malware. We also believe that with this type of software-less design, IT technicians will not need to spend any additional time developing control measures just to implement a wireless presentation system within their organization.
As we considered ways to wirelessly transmit data in the early period of InstaShow development, we decided to employ the commonly used WPA2 Wi-Fi encryption for the WDC10 model. For the WDC20 we went a bit further to ensure that streaming data could not be decoded during the transmission process, utilizing hash functions to add a second layer of encryption for the data transmission. This is so that even if hackers could find a way to monitor the wireless data over the air, or even decrypt the WPA2 encryption to extract portions of the transmission, they would still not be able to reverse-engineer their way to the full content of the transmission. Recently, though, a method for hacking WPA2 encryption that involves handshaking to obtain the encryption key, called WPA2 KRACK, has been developed. This has led BenQ to take the initiative in strengthening the safety of WPA2 by requiring that its products undergo lab certification to ensure that they are free of any WPA2 KRACK risk. Furthermore, by allowing the wireless presentation system to be separate from an organization’s internal network, InstaShow centers the whole process on an easy setup and easy presentation concept, thus easing IT technicians’ fears over how to set up a wireless casting system while ensuring the safety of any guests’ data. In this way, guests can use BenQ InstaShow stress-free without having to worry about whether their company’s computer has been unknowingly implanted with malware. Moving forward, BenQ will continue to improve upon InstaShow and support the information security needs of IT technicians and their companies.