In September last year, a scandal blew up the world of high-stakes, livestreamed poker: In a hand at Las Vegas’ Hustler Live Casino, which broadcast its games on YouTube, a relative novice holding nothing but a jack of clubs and a four of hearts successfully called the bluff of a veteran player. No one could possibly think that poor hand might be good enough to call a bluff, thousands of outraged poker players argued, unless the person holding it had some extra knowledge that her opponent's hand was even worse—in other words, she must have been cheating.
Three months later, Hustler Live Casino published a postmortem of its investigation into the incident, finding “no credible evidence” of foul play. It also noted that if there were cheating, it was most likely some sort of secret communication between the player and a staff member in the production booth who could see the players' hands in real time. But when Joseph Tartaro, a researcher and consultant with security firm IOActive, read that report, he zeroed in on one claim in particular—a statement ruling out any possibility that the automated card-shuffling machine used at the table, a device known as the Deckmate, could have been hacked. “The Deckmate shuffling machine is secure and cannot be compromised,” the report read.
To Tartaro, regardless of what happened in the Hustler Live hand, that assertion of the shuffler's perfect security was an irresistible invitation to prove otherwise. “At that point, it's a challenge,” Tartaro says. “Let's look at one of these things and see how realistic it really is to cheat.”
Today, at the Black Hat security conference in Las Vegas, Tartaro and two IOActive colleagues, Enrique Nissim and Ethan Shackelford, will present the results of their ensuing months-long investigation into the Deckmate, the most widely used automated shuffling machine in casinos today. They ultimately found that if someone can plug a small device into a USB port on the most modern version of the Deckmate—known as the Deckmate 2, which they say often sits under a table next to players’ knees, with its USB port exposed—that hacking device could alter the shuffler’s code to fully hijack the machine and invisibly tamper with its shuffling. They found that the Deckmate 2 also has an internal camera designed to ensure that every card is present in the deck, and that they could gain access to that camera to learn the entire order of the deck in real time, sending the results from their small hacking device via Bluetooth to a nearby phone, potentially held by a partner who then could then send coded signals to the cheating player.
In sum, their shuffler hacking technique gives a cheater “100 percent full control,” says Tartaro, who demonstrates IOActive’s findings in the video below. “Basically, it allows us to do more or less whatever we want … We can, for example, just read the constant data from the camera so we can know the deck order, and when that deck goes out into play, we know exactly the hand that everyone is going to have.”
Source link