In the wake of last summer’s scandal over a poker win at the Hustler Live Casino in Los Angeles, security consultancy IOActive evaluated the possibility that poker cheaters could hack into the Deckmate 2, the most widely used card shuffler in the business, to ascertain the cards in opponents’ hands.
On August 9 at the Blak Hat security conference in Las Vegas, IOActive’s Joseph Tartaro, Enrique Nissim and Ethan Shackelford, in a presentation on the results of their investigation, demonstrated how a hacker could, in fact, tap into the shuffler’s database to find the exact order of cards to be shuffled.
The investigation was launched after the card club found no evidence of cheating when a player holding a Jack of clubs successfully bluffed to a win. IOActive took up the issue, and found that if someone can plug a small device into a USB port on the Deckmate 2, “which they say often sits under a table next to players’ knees, with its USB port exposed—that hacking device could alter the shuffler’s code to fully hijack the machine and invisibly tamper with its shuffling,” according to a report in Wired.
The researchers also found that the Deckmate 2 has an internal camera designed to ensure that every card is present in the deck, and that “they could gain access to that camera to learn the entire order of the deck in real time, sending the results from their small hacking device via Bluetooth to a nearby phone, potentially held by a partner who then could then send coded signals to the cheating player,” according to the report.
The researchers concluded that such a device would give a cheater “100 percent full control.”
“Basically, it allows us to do more or less whatever we want,” said Tartaro, according to Wired. “We can, for example, just read the constant data from the camera so we can know the deck order, and when that deck goes out into play, we know exactly the hand that everyone is going to have.”
Light & Wonder, which sells the Deckmate 2, responded last week with a statement.
“Neither the Deckmate 2 nor any other L&W automatic card shuffler has ever been compromised on a casino floor,” the statement said. “Furthermore, IOActive’s testing did not identify any defects or design flaws in the Deckmate 2 card shuffler; and IOActive’s testing was performed in a laboratory setting, under conditions which cannot be replicated in a regulated and monitored casino environment.”