Researchers at ESET have revealed a security problem in a Cirque du Soleil application for “Toruk - The First Flight”. The application was designed to enhance audience interaction through audiovisual elements. However, according to the researchers, little attention was paid to security when it was designed.
One of ESET's researchers, Lukáš Štefanko, discovered that "Whoever was associated with the network, during the show, had the same management rights as the Cirque du Soleil operators." This means that hackers could also have administrative rights.
The application has no authentication protocols. As a result, an open port, port 6161, could be used by hackers to remotely control the application that runs Toruk. They could change the volume, show specific content, and more.
An attacker could perform a scan to collect the IP addresses of vulnerable devices.
ESET tried to inform Cirque du Soleil in March and May, but received no response.
The researchers decided to reveal their findings publicly today, after the Toruk show had ended. The application is no longer required and needs to be uninstalled immediately.
The Cirque du Soleil team stated that it had taken the implementation risks into account. However, it felt they were not very serious. In its view, the damage that could have been caused to the show, after five years of touring around the world, would have been much greater if the application had been removed earlier.