Categories: Gadget

Hackers reverse-engineer Ticketmaster’s barcode system to unlock resales on other platforms


Scalpers have used a security researcher’s findings to reverse-engineer “nontransferable” digital tickets from Ticketmaster and AXS, allowing transfers outside their apps. The workaround was revealed in a lawsuit AXS filed in May against third-party brokers adopting the practice, according to 404 Media, which first reported the news.

The saga began in February when an anonymous security researcher, going by the pseudonym Conduition, published technical details about how Ticketmaster generates its electronic tickets. If you aren’t already familiar with how modern e-ticketing systems work, Ticketmaster and AXS lock ticket resales inside their platforms, preventing transfers on third-party services like SeatGeek and StubHub. (For higher-priority events, they often take it a step further by prohibiting transfers to other accounts on the same platform.)

Although the companies claim the practice is strictly a security measure, it also conveniently allows them to control how and when their tickets are resold. (Yay, capitalism?)

Ticketmaster

Ticketmaster and AXS create their “nontransferable” tickets using rotating barcodes that change every few seconds, preventing working screenshots or printouts. On the back end, it uses similar underlying tech similar to two-factor authentication apps. In addition, the codes are only generated shortly before an event starts, limiting the window for sharing them outside the apps. Without interference from outside parties, the platforms get to lock ticket buyers into their own resale services, giving them vertical control of the entire ecosystem.

That’s where the hackers come in. Using Conduition’s published findings, they extracted the platforms’ secret tokens that generate new tickets, using an Android phone with its Chrome browser connected to Chrome DevTools on a desktop PC. Using the tokens, they create a parallel ticketing infrastructure that regenerates genuine barcodes on other platforms, allowing them to sell working tickets on platforms Ticketmaster and AXS don’t allow. Online reports claim the parallel tickets often work at the gates.

According to 404 Media, AXS’ lawsuit accuses the defendants of selling “counterfeit” tickets (even though they usually work) to “unsuspecting customers.” The court documents allegedly describe the parallel tickets as “created, in whole or in part by one or more of the Defendants illicitly accessing and then mimicking, emulating, or copying tickets from the AXS Platform.”

AXS’ lawsuit claims the company doesn’t know how the hackers are doing it. The promise of essentially jailbreaking Ticketmaster is so lucrative that several brokers have reportedly tried hiring Conduition to help them build their own parallel ticket-generating platforms. Services already operating on the researcher’s findings go by names like Secure.Tickets, Amosa App, Virtual Barcode Distribution and Verified-Ticket.com.

404 Media’s entire story is worth reading. More technically minded folks may take an interest in Conduition’s earlier findings, which illustrate what the ticketing behemoths are doing on their back ends to keep the entire ecosystems in their clutches.



Source link

Washington Digital News

Share
Published by
Washington Digital News

Recent Posts

Maheshri and Winston: “The U.S.’s Decades Long 2nd Great Depression”

In RealClearPolitics, a provocative thesis, from Vikram Maheshri (U. Houston) and Cliff Winston* (Brookings): The…

7 mins ago

Bought Bitcoin at $108,000? Don't Panic

Bitcoin’s price is down over 10% from its all-time high and its critics are taking…

9 mins ago

Stimulus checks of up to $1,400 each are being sent by IRS

© 2024 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance…

10 mins ago

Dire situation in China is one reason for Honda, Nissan merger

“When you look at Honda and Nissan, they’ve been losing the market for some time.”…

15 mins ago

Hard Coatings Market worth $1.7 billion by 2028

 (EMAILWIRE.COM, December 13, 2024 ) The report "Hard Coatings Market by Material Type (Nitrides, Oxides,…

16 mins ago

How the US Supreme Court and Trump could stop a TikTok ban

TikTok is a video-sharing social media platformAnatolii Babii / Alamy A US law banning the…

33 mins ago