Professional Audio over IP Security: The Risk Most Organisations Still Underestimate

By Luke, Co-Founder and Technology Leader, CMC Consultancy Partners

Introduction

For years, audio networks were treated as functionally separate from cyber risk. That assumption no longer holds.

Modern audio infrastructures now operate on standard Ethernet, share switching infrastructure with IT systems, rely on discovery protocols, and depend on precise timing synchronisation. Protocols such as Dante, AES67, AVB/MILAN and NDI enable powerful, flexible deployments — but they do not inherently provide security.

It is important to be clear from the outset. This is not a criticism of any protocol or manufacturer. Dante, AES67, AVB/MILAN and NDI are well-engineered solutions that solve real operational problems. Manufacturers including Audinate provide guidance on secure deployment and tools such as Dante Domain Manager that introduce authentication and access control. Security capabilities exist within these ecosystems, but they are not always implemented or enforced in practice.

The risk addressed in this article is not in the protocol itself — it is in how these systems are deployed in the real world, on networks that were not designed to support them securely.

Most vulnerabilities arise not from sophisticated attacks, but from normal operational behaviour in poorly controlled environments.

Discovery — Visibility Equals Exposure

Protocols such as Dante and NDI rely on discovery mechanisms — typically mDNS and multicast — to identify devices and build connections automatically.

In practice, this means any device on the same network segment can rapidly build a picture of the entire audio system. Once visibility is achieved, an unauthorised user may be able to identify signal paths and critical devices, and depending on configuration, may be able to subscribe to audio streams or interfere with signal routing.

Operationally, this may present as unexpected routing behaviour, audio appearing in incorrect locations, or loss of signal on critical paths. The system is not compromised through exploitation — it is being interacted with using normal protocol behaviour, but without authorisation.

In a live concert environment this could mean backing tracks or in-ear monitor mixes being accessed or disrupted mid-performance. In a corporate AV installation, it could mean confidential boardroom audio being visible to other devices on the same network. In a house of worship with a permanent installation, unintended routing could result in the wrong microphone feeding the main system — with no obvious cause visible to the operator.

Illustrative case — University network exposure

In one university deployment, audio devices were connected to existing network switches that also supported wider IT services. During integration, discovery and management services became visible beyond the intended network boundary due to the way the infrastructure was configured.

This did not result in a breach, but it created unintended exposure of services externally. The firewall ultimately prevented unauthorised access, but the situation highlighted a key issue — the audio system was operating as designed, while the network architecture did not fully account for how those services would behave.

Timing Synchronisation — When Audio Degrades Instead of Fails

Audio over IP systems depend on precise timing using PTP (IEEE 1588).

If timing integrity is disrupted, the system does not fail cleanly — it degrades. Typical symptoms include clicks and pops, intermittent dropouts, phase inconsistencies and loss of synchronisation between devices.

In live environments, this type of degradation is frequently misdiagnosed as hardware or configuration failure. Engineers will typically investigate cabling, firmware or device stability long before considering timing interference or network-related causes.

At a large-scale live event — a festival, corporate conference or theatre production — timing instability presents as a technical fault. The engineering team may spend critical time troubleshooting equipment while the issue persists. The reputational and commercial consequences can be significant, particularly where performances or live broadcasts are affected.

Importantly, these conditions are rarely identified as security-related because they do not present as a conventional failure — they present as instability.

Management Control — System-Wide Impact

Tools such as Dante Domain Manager introduce authentication, segmentation and role-based control — representing a significant improvement in how audio networks can be governed.

However, if administrative access to these systems is compromised, they provide centralised authority over the entire audio environment.

With sufficient access, it is possible to:

• Modify routing across multiple devices

• Disconnect or isolate endpoints

• Change domain membership

• Restrict or remove legitimate operator access

In a live environment, this could result in loss of control of the system within seconds. For a touring production, this may mean a show stopping mid-performance with limited ability to recover quickly. In a fixed installation such as a stadium, transport hub or airport, it could impact public address functionality, including operational or emergency communications.

In each case, the impact is immediate and visible — and originates from control of the system, not failure of the equipment.

Multicast and Network Load — Denial of Service in Practice

Audio over IP systems rely heavily on multicast traffic for efficient stream distribution.

Where multicast is poorly managed — or where other systems share the same infrastructure without appropriate controls — network saturation can occur. This leads to packet loss, increased latency and instability across connected devices.

In live environments, this typically presents as progressive degradation. Audio may begin cleanly but deteriorate as system load increases. In installed systems, the same issue may appear intermittently, making it difficult to diagnose and often leading to repeated hardware replacement or reconfiguration.

Real-world case — Industrial paging system dropout

An industrial facility operating a six-zone paging system experienced intermittent dropouts across all zones. Initial diagnosis pointed to a faulty paging microphone.

On investigation, the root cause was unrelated to the audio system. Multicast video streams from a CCTV system were saturating 1Gbps fibre links between network switches, creating a bottleneck that intermittently disrupted audio traffic.

Upgrading the inter-switch links to 10Gbps resolved the issue completely. No audio equipment was faulty. The issue was a network constraint presenting as an AV fault — a common scenario where responsibilities between disciplines are not clearly defined.

Attack Path — How It Actually Happens

Exploiting an audio over IP network does not necessarily require advanced techniques.

A typical path may involve:

• Gaining network access via a physical port or shared WiFiinfrastructure

• Observing device discovery traffic via multicast or mDNS

• Identifying devices, roles and signal paths

• Subscribing to or analysing audio streams where access is permitted or insufficiently restricted

• Introducing additional traffic or interfering with signal flow

• Escalating via management systems if administrative interfaces are accessible

No traditional exploit is required — only network presence and an understanding of how the system operates.

This could involve a contractor connecting to an available port, a user on a shared network segment, or an individual with prior knowledge of the system. The barrier to entry is often lower than expected.

Deployment Reality — The VLAN Challenge

Typical deployments often rely on implicit trust — flat networks, open discovery and limited access control.

Secure deployments require deliberate design:

• Segmentation between audio, control and wider IT systems

• Access control at the network edge

• Managed discovery and visibility boundaries

• Monitoring of network behaviour and traffic patterns

Manufacturers consistently recommend isolating audio systems within controlled network environments. This remains valid guidance.

However, modern deployments increasingly rely on connectivity for cloud-based management, remote monitoring and firmware updates. As a result, complete isolation is less common, and boundaries between systems are often more porous than intended.

Most systems are not insecure by design. They are insecure by implementation — operating in environments that have evolved beyond the assumptions made at the time of installation.

Additional Real-World Case — Education Environment (Segmentation Failure)

In an education environment in the UK, a networked public address system using IP-based audio modules was deployed on infrastructure that was described as segmented.

In operation, the system experienced intermittent audio dropouts and devices periodically disconnecting from the network. These issues were initially treated as faults within the audio system.

On review of the network, it became clear that segmentation was not effectively implemented. The audio system was operating on infrastructure that was shared with general user traffic, including large numbers of student devices.

During periods where students logged into online learning platforms, network demand increased significantly. This coincided directly with the observed audio instability — confirming that the issue was not with the audio system itself, but with the underlying network design.

More concerning was the level of visibility across the network. From the same environment, it was possible to observe and access services well beyond the audio system, including:

• End-user devices such as student tablets

• Administrative systems used for school operations

• Systems handling financial transactions (e.g. payments for meals or activities)

This extended to access to systems containing sensitive information, highlighting a broader issue — not just of performance, but of data exposure and safeguarding risk.

The key point is not the specific technologies involved, but the assumption that segmentation had been implemented when, in practice, it had not been enforced effectively.

The audio issues were the symptom.
The underlying problem was network architecture and lack of isolation between systems of differing sensitivity.

Conclusion

The question is no longer whether the system works.

It is whether it remains controlled, predictable and secure under real-world conditions — on networks that were not originally designed to carry it, alongside systems that were never intended to share the same infrastructure.

The examples described in this article are not unusual. They reflect conditions encountered across professional audio environments on a regular basis. In some cases, issues are avoided through good fortune or partial controls. In others, time and cost are spent addressing symptoms rather than root causes.

CMC provides the expertise to assess, design and secure audio over IP systems — ensuring they are not just functional, but resilient, controlled and fit for the environments in which they now operate.