{"id":3463,"date":"2019-07-02T12:01:10","date_gmt":"2019-07-02T09:01:10","guid":{"rendered":"https:\/\/blog.eset.ee\/?p=3463"},"modified":"2019-07-02T12:01:12","modified_gmt":"2019-07-02T09:01:12","slug":"eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app","status":"publish","type":"post","link":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/","title":{"rendered":"ESET discovers vulnerability in a Cirque du Soleil mobile app"},"content":{"rendered":"\n

The famous Cirque du Soleil show Toruk,\nwhich held its final performance last night \u2013 on June 30 \u2013 was enhanced with a\nmobile app that made users\u2019 mobile devices vulnerable. The app, named \u201cTORUK \u2013\nThe First Flight,\u201d provided a means for the audience to\nbe part of the show via audiovisual effects generated on their mobile devices. <\/p>\n\n\n\n

\u201cIt appears that the TORUK app wasn\u2019t designed with security in\nmind. As a result, anyone who was connected to the network during the show had\nthe same admin possibilities as the Cirque du Soleil operators,\u201d explains Luk\u00e1\u0161\n\u0160tefanko, the ESET security researcher who analyzed the app.<\/p>\n\n\n\n

The \u201cTORUK \u2013 The First Flight\u201d app has over 100,000 installs on Goggle Play; there is also a version for iOS. With the end of the TORUK show, the app is no longer being marketed, and Cirque du Soleil\u2019s staff said they would pull it from both the Android and Apple official app stores. <\/p>\n\n\n\n

\"\" <\/p>\n\n\n\n

Cirque du Soleil promoted\nthe \u201cTORUK \u2013 The First Flight\u201d app on\ntheir website<\/em><\/p>\n\n\n\n

When this app is running, it opens a local port so that it is\npossible to remotely change volume settings, discover nearby Bluetooth devices\nif Bluetooth is on, display animations, set the position of the \u201cLike\u201d Facebook\nbutton on the device, and read or write to shared preferences that are\naccessible to the app. <\/p>\n\n\n\n

\u201cThe problem is that the app has no authentication protocol in\nplace. An adversary can scan the network and get the IP addresses of devices\nwith the defined port opened \u2013 port 6161 \u2013 and send commands to all devices\nrunning the app,\u201d explains \u0160tefanko.<\/p>\n\n\n\n

According to \u0160tefanko, making the app resistant against this type of\nattack would have been simple. \u201cIf the app generated a unique token for each\ndevice, then it would be impossible to access all the devices en masse, without\nany authentication.\u201d<\/p>\n\n\n\n

After the show, all the devices with this app installed remain\nvulnerable, so its users may experience unpleasant surprises at any point in\nthe future if they are connected to a public network. <\/p>\n\n\n\n

\u201cThose who installed this app should uninstall it immediately. By\nthe way, we highly recommend doing that with all single-purpose apps,\u201d\nconcludes \u0160tefanko.  <\/p>\n\n\n\n

For more a detailed analysis, read Luk\u00e1\u0161 \u0160tefanko\u2019s blogpost<\/a> \u201cA great show is now history, as is its insecure mobile app\u201d at ESET Android App Watch.<\/p>\n\n\n\n

About ESET<\/strong><\/p>\n\n\n\n

For 30 years, ESET\u00ae<\/a>\u00a0has been developing industry-leading IT security software and services for businesses and consumers worldwide. With\u00a0solutions ranging from endpoint and mobile security to encryption and two-factor authentication, ESET\u2019s high-performing, easy-to-use products give consumers and businesses the peace of mind to enjoy the full potential of their technology.\u00a0ESET unobtrusively protects and monitors 24\/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D centers worldwide, ESET has become the first IT security company to earn 100 Virus Bulletin VB100<\/a> awards, identifying every single \u201cin-the-wild\u201d malware without interruption since 2003. For more information, visit\u00a0www.eset.com<\/a>\u00a0or follow us on\u00a0LinkedIn<\/a>,\u00a0Facebook<\/a>\u00a0and Twitter<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

The famous Cirque du Soleil show Toruk, which held its final performance last night \u2013 on June 30 \u2013 was enhanced with a mobile app that made users\u2019 mobile devices vulnerable. The app, named \u201cTORUK \u2013 The First Flight,\u201d provided a means for the audience to be part of the show via audiovisual effects generated<\/p>\n","protected":false},"author":5,"featured_media":3467,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[141],"tags":[],"class_list":["post-3463","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-android"],"acf":[],"yoast_head":"\nESET discovers vulnerability in a Cirque du Soleil mobile app - ESET Eesti Blogi<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ESET discovers vulnerability in a Cirque du Soleil mobile app\" \/>\n<meta property=\"og:description\" content=\"The famous Cirque du Soleil show Toruk, which held its final performance last night \u2013 on June 30 \u2013 was enhanced with a mobile app that made users\u2019 mobile devices vulnerable. The app, named \u201cTORUK \u2013 The First Flight,\u201d provided a means for the audience to be part of the show via audiovisual effects generated\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/\" \/>\n<meta property=\"og:site_name\" content=\"ESET Eesti Blogi\" \/>\n<meta property=\"article:publisher\" content=\"http:\/\/www.facebook.com\/antiviirus\" \/>\n<meta property=\"article:published_time\" content=\"2019-07-02T09:01:10+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-07-02T09:01:12+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Cirque_du_Soleil_app_vulnerabilities_Image.docx_.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"922\" \/>\n\t<meta property=\"og:image:height\" content=\"614\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"ESET Blog\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"ESET Blog\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/\"},\"author\":{\"name\":\"ESET Blog\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"headline\":\"ESET discovers vulnerability in a Cirque du Soleil mobile app\",\"datePublished\":\"2019-07-02T09:01:10+00:00\",\"dateModified\":\"2019-07-02T09:01:12+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/\"},\"wordCount\":524,\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/Cirque_du_Soleil_app_vulnerabilities_Image.docx_.jpg\",\"articleSection\":[\"android\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2019\",\"copyrightHolder\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/\",\"name\":\"ESET discovers vulnerability in a Cirque du Soleil mobile app - ESET Eesti Blogi\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/Cirque_du_Soleil_app_vulnerabilities_Image.docx_.jpg\",\"datePublished\":\"2019-07-02T09:01:10+00:00\",\"dateModified\":\"2019-07-02T09:01:12+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/#primaryimage\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/Cirque_du_Soleil_app_vulnerabilities_Image.docx_.jpg\",\"contentUrl\":\"https:\\\/\\\/blog.eset.ee\\\/wp-content\\\/uploads\\\/2019\\\/07\\\/Cirque_du_Soleil_app_vulnerabilities_Image.docx_.jpg\",\"width\":922,\"height\":614},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ESET discovers vulnerability in a Cirque du Soleil mobile app\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/\",\"name\":\"ESET Eesti Blogi\",\"description\":\"Uudised IT maailmast\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/#\\\/schema\\\/person\\\/876cf293277fc0b2ae2f4395fffe4c88\",\"name\":\"ESET Blog\",\"sameAs\":[\"http:\\\/\\\/eset.ee\"],\"url\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/author\\\/allankinsigo\\\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/blog.eset.ee\\\/et\\\/en\\\/2019\\\/07\\\/02\\\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\\\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"ESET EESTI\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"ESET discovers vulnerability in a Cirque du Soleil mobile app - ESET Eesti Blogi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/","og_locale":"en_US","og_type":"article","og_title":"ESET discovers vulnerability in a Cirque du Soleil mobile app","og_description":"The famous Cirque du Soleil show Toruk, which held its final performance last night \u2013 on June 30 \u2013 was enhanced with a mobile app that made users\u2019 mobile devices vulnerable. The app, named \u201cTORUK \u2013 The First Flight,\u201d provided a means for the audience to be part of the show via audiovisual effects generated","og_url":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/","og_site_name":"ESET Eesti Blogi","article_publisher":"http:\/\/www.facebook.com\/antiviirus","article_published_time":"2019-07-02T09:01:10+00:00","article_modified_time":"2019-07-02T09:01:12+00:00","og_image":[{"width":922,"height":614,"url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Cirque_du_Soleil_app_vulnerabilities_Image.docx_.jpg","type":"image\/jpeg"}],"author":"ESET Blog","twitter_card":"summary_large_image","twitter_misc":{"Written by":"ESET Blog","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/#article","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/"},"author":{"name":"ESET Blog","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"headline":"ESET discovers vulnerability in a Cirque du Soleil mobile app","datePublished":"2019-07-02T09:01:10+00:00","dateModified":"2019-07-02T09:01:12+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/"},"wordCount":524,"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Cirque_du_Soleil_app_vulnerabilities_Image.docx_.jpg","articleSection":["android"],"inLanguage":"en-US","copyrightYear":"2019","copyrightHolder":{"@id":"https:\/\/blog.eset.ee\/et\/#organization"}},{"@type":"WebPage","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/","url":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/","name":"ESET discovers vulnerability in a Cirque du Soleil mobile app - ESET Eesti Blogi","isPartOf":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/#primaryimage"},"image":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/#primaryimage"},"thumbnailUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Cirque_du_Soleil_app_vulnerabilities_Image.docx_.jpg","datePublished":"2019-07-02T09:01:10+00:00","dateModified":"2019-07-02T09:01:12+00:00","author":{"@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88"},"breadcrumb":{"@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/#primaryimage","url":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Cirque_du_Soleil_app_vulnerabilities_Image.docx_.jpg","contentUrl":"https:\/\/blog.eset.ee\/wp-content\/uploads\/2019\/07\/Cirque_du_Soleil_app_vulnerabilities_Image.docx_.jpg","width":922,"height":614},{"@type":"BreadcrumbList","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.eset.ee\/et\/en\/"},{"@type":"ListItem","position":2,"name":"ESET discovers vulnerability in a Cirque du Soleil mobile app"}]},{"@type":"WebSite","@id":"https:\/\/blog.eset.ee\/et\/en\/#website","url":"https:\/\/blog.eset.ee\/et\/en\/","name":"ESET Eesti Blogi","description":"Uudised IT maailmast","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.eset.ee\/et\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.eset.ee\/et\/en\/#\/schema\/person\/876cf293277fc0b2ae2f4395fffe4c88","name":"ESET Blog","sameAs":["http:\/\/eset.ee"],"url":"https:\/\/blog.eset.ee\/et\/en\/author\/allankinsigo\/"},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.eset.ee\/et\/en\/2019\/07\/02\/eset-discovers-vulnerability-in-a-cirque-du-soleil-mobile-app\/#local-main-organization-logo","url":"","contentUrl":"","caption":"ESET EESTI"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/3463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/comments?post=3463"}],"version-history":[{"count":0,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/posts\/3463\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media\/3467"}],"wp:attachment":[{"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/media?parent=3463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/categories?post=3463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.eset.ee\/et\/en\/wp-json\/wp\/v2\/tags?post=3463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}