The MSG Sphere in Las Vegas has entranced the world in the lead-up to its opening. The media have delved into its scale and how the project changes entertainment as we know it. Advertising pundits have conjured figures on the revenue that the world’s largest video screen will potentially bring its creators.
Indeed, the Sphere grabs and holds attention instantly, making it the perfect medium for threat actors with a manifesto or daredevil hackers. But what would it take to hack the eye on the ground?
Can the MSG Sphere Be Hacked?
The Sphere is a 300 ft eyeball comprising 1.2 million programmable LED screens that cover an area of 580,000 sq ft. The structure relies heavily on technology and people to create visual spectacles. Neither man nor technology is perfect. So the MSG Sphere can be hacked.
Billboard hacks are relatively common. In November 2022,The Guardianreported that a digital billboard in Brisbane was hacked, and the LED screens were programmed to display inappropriate content. Similar events happened with billboards in Taiwan in August 2022 (via ABC), as well as a billboard on I-75 in Michigan in September 2019, as reported byMashable.
How Would Attackers Hack the MSG Sphere?
A successful hack of the Sphere would involve cyberattackers gathering information on the IT infrastructure and the team at the dome. With this info, they can find and exploit vulnerabilities using tactics that typically follow theMITRE ATT&CK Framework. Based on this framework, we expect attempts to hack the Sphere to involve two or more broad methods.
Reconnaissance
Here, hacks gather information on the digital infrastructure that props up the MSG Sphere. That would include the hardware, software, and people who make them work. Reconnaissance could start simple, with the Sphere’s LED manufacturer,SACO Technologies, and their products.
Retail purchases of LED screensfor hardware hackingwould prove too much of a hassle and probably leave a trail. So, hacker interest would go into the employees of SACO, targeting persons who could potentially have access to product blueprints. Of course, employees or contractors of Madison Square Garden (MSG) Entertainment, particularly persons who work on the project, would also be persons of interest during reconnaissance.
Onsite Hacking
Onsite hacking of the Sphere could get hackers closer to their target, but this would be challenging because onsite hacking requires specialized hardware. The organizers of events at the Sphere already have rules that prevent guests from entering the venue with certain electronic devices and large bags. Smartphones are apparently permitted onsite. Even if a resourceful hacker manages to sneak in hardware, odds are it’ll be too far out of range to be useful.
Wardriving and Remote Hacking
Remote hacking and wardriving remain attackers' best bet to hack the Sphere, although it doesn’t make the feat any easier. Wardriving could help find unsecured wireless networks and devices around the structure.
Remote hacking would mostly involve phishing and social engineering attacks directed at IT personnel at the Sphere. Network misconfigurations, unpatched vulnerabilities in software or hardware, andweak or stolen credentialscould be chinks in the spherical armor.
Another possibility isDDoS attacksto compromise the website’s servers and create a chance for lateral movement. However, this form of attack is less likely to deliver the LED screens, as booking happens on Ticketmaster. A DDoS on Ticketmaster would merely be a nuisance.
Is Hacking the MSG Sphere Possible?
The MSG Sphere is heavily dependent on programmable tech. So it is not immune to cyberattacks. However, the overt and covert security measures MSG Entertainment implemented to prevent cyberattacks on the Sphere would discourage many a hacker. A successful hack would be resource-intensive and short-lived but the talk of town.
