In the evolving landscape of digital ticketing, a new challenge has emerged that threatens to disrupt the industry's control over ticket resales. By leveraging the findings of a security researcher only known as Conduition, hackers have managed to reverse-engineer the sophisticated barcode system of Ticketmaster.
Exploiting the Barcode System of Ticketmaster
Hackers have found a way to reverse-engineer Ticketmaster's barcode system, enabling the resale of "nontransferable" digital tickets on other platforms, including AXS.
According to 404 Media, this discovery, made by a security researcher known as Conduition, was disclosed in a lawsuit filed by AXS in May against third-party brokers utilizing this method.
In February, the security researcher shared technical details on how Ticketmaster generates its electronic tickets. Ticketmaster and AXS lock ticket resales within their platforms, preventing transfers to third-party services like SeatGeek and StubHub. They often further restrict transfers for high-priority events, even within the same platform.
While companies argue that this practice is purely for security reasons, it also conveniently allows them to regulate how and when tickets are resold, maintaining control over the resale market.
Ticketmaster and AXS design their "nontransferable" tickets with rotating barcodes that update every few seconds, making screenshots and printouts unusable. This technology is similar to what two-factor authentication apps use.
Additionally, the barcodes are created just before the event begins, minimizing the time they can be shared outside the apps. By doing this, these platforms ensure that ticket buyers are confined to their own resale services, maintaining complete control over the ticket resale market.
Hackers have exploited Conduition's published findings to extract secret tokens from Ticketmaster and AXS using an Android phone connected to Chrome DevTools on a desktop PC.
These tokens enable them to create a parallel ticketing system that generates genuine barcodes on other platforms. That allows them to sell valid tickets on sites Ticketmaster and AXS don't authorize. Reports suggest that these tickets often work at event entrances.
Legal Battle
AXS has filed a lawsuit against the defendants, accusing them of selling tickets that are described as counterfeit, even though they generally work. The court documents claimed these parallel tickets were produced by the defendants who illicitly accessed the AXS platform and then mimicked, emulated, or copied the original tickets.
AXS' lawsuit indicates the company is unsure how the hackers achieved this feat. The potential profits from effectively bypassing Ticketmaster's restrictions are so high that several brokers have allegedly attempted to hire Conduition to create their own parallel ticket-generating systems.
Some services that have already been established using the researcher's insights include Amosa App, Secure.Tickets, Virtual Barcode Distribution, and Verified-Ticket.com.
The hacking of Ticketmaster's barcode system is a significant development for digital ticketing. Hackers have found weaknesses in the security meant to control ticket resales, which could change how tickets are bought and sold.
Companies like Ticketmaster and AXS are trying to maintain control by improving technology and taking legal action, but hackers are constantly finding new ways around their defenses.
It will be important to watch this ongoing battle between keeping transactions secure and allowing more freedom in reselling tickets. The industry will need to find a balance between security and giving people fair access to tickets.
Related Article : Ticketmaster Antitrust Lawsuit Sparks Optimism for Ticketing Startups