One of ESET's researchers, Lukáš Štefanko, discovered that "Whoever connected with it network, during the show, had the same management rights as the Cirque du Soleil operators. "This means that hackers could also have administrator rights.
The application does not have authentication protocols. As a result, an open port - the 6161 port - could be used by hackers to remotely control the application that runs Toruk. The hackers they could make changes in volume, show specific content, and more.
An attacker could perform a scan to collect the IP addresses of vulnerable devices.
ESET tried to inform Cirque du Soleil in March and May, but received no response.
The researchers decided to reveal their findings publicly today, after the Toruk show was completed. The application is no longer required and needs to be uninstalled immediately.
The Cirque du Soleil team stated that it took into account the implementation risks. However, she felt they were not very serious. Instead, the damage that could be caused to the show, after five years of touring around the world, would be much greater if the application was removed earlier.
How useful was this post?
Average rating / 5. Vote count: