Protecting Music Festival-goers from Cyber Threats.

The move towards paperless and cashless music festivals has resulted in an increasing reliance on cloud infrastructure. With this shift to a fully digital environment, the threat from cyber criminals is also increasing. How can organisers take steps to protect festival-goers from potential cyber threats, from the ticketing process through to physical on-site presence.

Up to 95% of all music festivals can now be considered ‘cashless and cloud-native’, making them a prime target for phishing, credential harvesting and other digital criminal activity. Most festival organisers provide site wide Wi-Fi access for festival-goers, vendors and anyone else on a site. Any public Wi-Fi can be vulnerable to attack, so it is essential that organisers take necessary steps to keep the digital environment secure.

Cashless Payments and RFID Security.
Most music festivals operate with digital wallets contained in RFID wristbands that enable cashless payments and access control. Aside from allowing access to different zones on a festival site, most digital wallets have funds added to them by the user. When transactions take place with vendors, the wristband is scanned to take funds from the digital wallet. However, threats can come from relay attacks where a nearby high-powered reader can skim the wristband funds. Incorporating Time-of-Flight (ToF) technology can measure the time a signal takes to travel, if it takes too long (indicating a relay) the transaction is blocked.

Rouge Wi-Fi networks.
Often referred to as an ‘Evil Twin’ attack hackers set up high-gain antennas near the festival site that broadcast a ‘Free Festival Wi-Fi’ service. If festival-goers inadvertently connect to this rouge network, it enables a ‘man in the middle’ attack where packet sniffing allows hackers to access all mobile device traffic including login details and access to banking apps for example. Official festival site Wi-Fi networks usually use WPA3 encryption along with OAuth 2.0 where users are required to login via the official festival app.

Juice Jacking.
Many festival sites install phone charging stations which usually require users to connect via a data ready USB port to charge devices. These public USB ports can be at high risk if criminals have access to them because there are opportunities to inject malicious malware onto connected devices. This can provide access to photos, contacts, and other data on an infected device. Festival organisers should get assurances from charging station operators that their facilities are safe to use or as a minimum advise festival-goers to use a USB Data Blocker hardware attachment when using any public charging service.

Ticketing.
Most ticketing platforms are very secure, but the incidence of fake websites and phishing scams still prevail. These potential risks for ticket buyers occur more frequently for popular festivals that quickly sell out, resulting in high demand for tickets. It is common to see social media ticket resale scams or phishing emails that are purported to be from organisers. Festival-goers should only use reputable ticketing platforms that utilise the latest in cybersecurity protocols. Organisers should always state the official source for ticket sales, both new and resale. Any fake websites or social media pages should be monitored by organisers who can inform operators to take them down or remove them promptly. QR codes are known as presenting high risks for users when scanning, so organisers should be using dynamic or rotating codes to prevent misuse.

Security Protocols.
There are a number of cyber security protocols that festival organisers should implement to protect festival-goers as much as possible. An audit of current and potential risks can help to build a robust security plan that protects organisers, festival-goers and vendors from external threats. A cyber safety education communication plan will help provide guidelines on preventing unwanted access to devices with channels for users to report any suspicious activity. Organisers should secure their Wi-Fi services and work with vendors to ensure that RFID systems are encrypted and that POS systems meet security compliance standards. Electronic wallets should be secured with PIN or biometric protection along with transaction alerts and the ability to freeze an account if suspicious activity is detected. Implementing robust cyber security protocols will help to keep festival-goers safe as long as stated procedures are followed.

For festival organisers planning their next event using a software management platform like Festival Pro gives them all the functionality they need manage every aspect of their event logistics. The guys who are responsible for this software have been in the front line of event management for many years and the features are built from that experience and are performance artists themselves. The Festival Pro platform is easy to use and has comprehensive features with specific modules for managing artists, contractors, venues/stages, vendors, volunteers, sponsors, guestlists, ticketing, site planning, cashless payments and contactless ordering.

Image by TheDigitalArtist via Pixabay

<< Back to articles