Infected Consoles, Oh My!
If you’re a digital console user or think you’ll ever use one, this affects you.
A couple weeks ago, after updating one of our consoles to the latest software, I had a strange error message pop-up. Avid tech support responded that it might be a virus. I figured they were nuts, but I still went ahead and installed a virus scanner in my Windows virtual machine that I run on my Mac laptop.
It immediately came up positive for a trojan. My USB drives got checked next, and my two main drives also came up positive.
My first thought was there’s no way this could happen to us. There’s no way this could happen to me. I only use Windows these days in a virtual environment, and I never touch the internet with it. How could my USB drives have been exposed to a virus?
Then it hit me that my drives have been used in some other places that might have been exposed.
This year I’ve started doing more freelance work which has exposed me to other people’s consoles, and I suppose I could have easily picked it up through one of those. Or maybe I got it off a client’s computer while I was doing some PA work with their system DSP; so much for backing up the work I did for them.
But maybe it didn’t get in from one of my drives. Maybe one of the engineers we’ve contracted had an infected drive. Or maybe a contractor at another campus infected that campus’ consoles, and a staff member came up for an event and inadvertently infected one of our consoles. Then I spread it around the 4 consoles I maintain.
The unfortunate reality is that there’s just no telling exactly when or how a virus got into our consoles. It’s just a mess that needed cleaning up.
This could just as easily happen to you. If you use digital consoles and USB drives with them, I think you should assume at this point that you are at risk. In fact, if you use a USB drive that gets used in multiple machines, you are probably at risk. So here’s what I recommend:
After I cleaned my USB drives, I started on the consoles. I backed up all the show files from each desk onto a clean USB drive which became infected in the process so that drive then needed cleaning. Then I wiped each console and reinstalled everything. Normally I can do a full system restore including plugin installations in about 20-30 minutes, but this took me just about an entire day since I was taking extra precautions with USB drives.
The good news for us is that the latest version of the software for the VENUE adds some safeguards to make it harder to get hit with a virus, but I don’t know if that’s the case for all console manufacturers. I know it’s working on VENUE, though, because not long after I cleaned up our consoles, a visiting engineer used an infected drive in a console before I could scan it. This time our console stayed clean, though.
So I’m starting to take new precautions on this. So far I’ve communicated to our current team not to use USB drives in our consoles unless I’ve scanned the drive, and for the most part that’s been working out. I’ve taped up the USB ports on our desks to serve as a reminder for the guys, but I’ll probably look into a hardware solution to block port access after New Year’s. That might seem like overkill to some of you, but I don’t want to take any chances with our consoles because in my world losing a FOH console has the potential to not just affect the room it’s in, but all of our auditoriums across all our campuses.
As I’ve said, if you’re using USB drives with your console, you are at risk now and I would guess this risk is only going to grow over time. Take precautions with the USB drives you use. Scan things on a regular basis and build it into your workflow. If you’re careful, you’ll probably be OK. But if you let your guard down like me because you work primarily in a Mac world these days, you might also get bitten just like me.
Thanks for this reminder, Dave.
I’m not sure how far up the OSI network stack most digital consoles are, but if they reach a point where AVB or other protocol that can share network hardware and the first few levels of software with your general office network do coexist, and the consoles offer sharing files over TCP/IP with the rest of the network, that will be a potential infection vector as well if the connected network has an incident. I’m really not in favor of connecting the show network to anything it doesn’t have to be.