A new media report from 404 Media details how scalpers have reverse-engineered Ticketmaster’s ‘non-transferable’ tickets—what is going on with live ticketing?
A lawsuit filed by AXS in a California court revealed the battle that’s underway between Ticketmaster and ticket scalpers. 404 Media details how scalpers have cracked the code behind the tickets, generating entry barcodes on parallel infrastructure that the scalpers control. These tickets can then be sold and transferred to unwitting customers who think they bought legitimate resold tickets.
404 Media writes: “Scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS.”
The lawsuit reviewed by the media outlet says scalpers are delivering counterfeit tickets to these unsuspecting customers, “created, in whole or in part by one or more of the defendants illicitly accessing and then mimicking, emulating, or copying tickets from the AXS Platform.” The lawsuit accuses these scalper services of hacking, but states that AXS does not know how they are doing it.
In the vast majority of cases, these tickets scan as genuine at the venue’s gates—allowing a counterfeit ticket inside. 404 Media spoke with two security researchers who reverse engineered the Ticketmaster barcode generation process, showcasing how these scalpers are able to rip-off genuine tickets. Both Ticketmaster and AXS use a system of rotating barcodes to keep the ticket fresh and unable to be transferred. You can’t take a screenshot of this ticket and enter the venue, since the barcode changes every few seconds.
One of the security researchers published his findings on his blog in February and was later approached by ticket scalpers who asked him to build a ticket transfer system. Scalpers host these tickets on their own websites and apps—sharing links to them with their unknowing customers and avoiding popular secondary marketplaces.
The case reveals that scalpers have found a way to circumvent the anti-scalping mechanisms that ticketing giants like Ticketmaster and AXS are employing. Non-transferable tickets usually cannot be transferred from one Ticketmaster account to another—this process bypasses that step entirely.
The lawsuit was discovered by fans of DJ Fred Again who were concerned that their ticket purchases were not legit. The lawsuit is by AXS against an entity calling itself ‘secure.tickets’, but also includes several other supposed ticket scalper brokers.
“At least two of the defendants have also represented to customers that they are using AXS’s proprietary technology to sell, resell, deliver, or transfer tickets, when they are in fact circumventing AXS technology,” the lawsuit reads. “Defendants operate in the shows of the internet. In some instances, defendants have gone to great lengths to conceal their identities.”
How Did Scalpers Reverse Engineer SafeTix?
The security researcher’s blog post about the process reveals that the process of generating the tickets works essentially like two-factor authentication. Ticketmaster shares a secret, unique token with the ticket purchaser. This token can be used to generate a new ticket every fifteen seconds based on the time of day. Extracting this unique token from the Ticketmaster app or desktop website means it can be exported to a third-party platform and treated like a genuine ticket.
“[The] token string is the ticket, as far as the venue staff at the gates are concerned,” the researcher writes. “[The token can be used to] generate valid PDF417 barcodes, indistinguishable from the official Ticketmaster app. Short of checking photo IDs at the entry gate, the venue staff can’t tell whether the person at the gate is the same person who the ticket is registered to on Ticketmaster.”
Checking references to secure.tickets on websites like reddit reveals a bevvy of fans who are concerned about the tickets.
“I do have the blue moving barcodes on both of my tickets but I’m reading that I don’t technically own them and the seller could possibly resell the same link? This show requires planes, trains and automobiles so I cannot show up to the venue with fake tickets,” reads one post inquiring about the service. People in the comments confirm they’ve purchased from the service and the tickets were ‘legit’—which means they worked at the gate. Another writes: “The tickets were legit. Secure.tickets is a real thing.”
Fans asking about Blink-182 tickets on reddit inquire to the sketchy nature of the buying process, saying they purchased theirs on StubHub. “I’m in this boat after just buying some tickets. I received am email from Secure Tickets with a Secure Tickets (not Ticketmaster) link to my tickets. The tickets have a bar code with the blue line that moves back and forth. I see no way to add them to a digital wallet. Sounds like others have gotten in with similar tickets. Do these sound legit?”
The same commenter responds to someone asking if they were able to get into the concert with their Secure.Tickets purchase. “Yes, I got in with no problems. With that confidence I also bought a floor ticket and went night 2. Same blue scanner ticket. It again worked with no problems.”
>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : DigitalMusicNews – https://www.digitalmusicnews.com/2024/07/11/ticketmaster-tickets-reverse-engineered/