To use RetailPlayer in a live environment often leads to security questions which go beyond the streaming of music. To answer questions like, "does this device open any security hole" or "what if this device get hacked" we have put together an overview of the security features of RetailPlayer.
Encrypted Communication with client certificates
The communication between the Player and the Portal is one of the main features of the RetailPlayer solution, therefore needs to be secured! The communication over the WebSocket protocol is secured by standardised SSL/TLS encryption, which is "State of the Art" technology for encrypted communication over the internet. To Initialize the connection, every player needs to have a local client certificate installed issued by Barix, which is done with loading the Barix Firmware on the device. This protects the connection from 3rd party attacks and makes sure your device cannot be hijacked. Loading different certificate is not possible the connection will be rejected without a valid certificate. The certification can only be done by Barix.
Unique Password for every device
Every Barix device that was developed after 2019, will have a unique, randomly generated and secure password assigned in the factory. This way every device has built-in security already included when shipped.
Latest Linux Based Software
The RetailPlayer devices are running on the latest software provided by barix. The Linux based OpenSource Operating System provides a secure platform for the RetailPlayer solution. Barix is continuously updating the software on the device with every update of the RetailPlayer firmware.
Barix Firmware and Maleware
The will be no trouble with Malware with a RetailPlayer device! Even though it's theoretically a complete computer system and could run any software, there is no way to download and run malware. Since the firmware is a closed package that only accepts barix software and SSH or Shell connection are not possible, the installation of 3rd party software is not possible. The only application running on the device is the RetailPlayer software changing this is not possible. To catch any virus or trojan is also not possible since every access to the system is closed.