Last year, a poker scandal shook the high-stakes, livestreamed poker world, revealing potential cheating involving card-shuffling machines. The incident, broadcast on YouTube from Los Angeles’ Hustler Live Casino, saw an inexperienced player making an improbable call against a seasoned opponent. The uproar over the implausible move led to suspicions of cheating due to a seemingly impossible bluff read. Months later, the casino’s investigation failed to find concrete evidence of foul play. However, this sparked curiosity among security researchers.
Joseph Tartaro, a researcher with IOActive, saw an opportunity to challenge claims that the Deckmate card-shuffling machine used at the casino was invulnerable to hacking. At the Black Hat security conference in Las Vegas, Tartaro and his colleagues, Enrique Nissim and Ethan Shackelford, revealed their extensive investigation into the widely-used Deckmate shuffler. Their research showed that a small device, when connected to the Deckmate 2’s exposed USB port, could manipulate its code to gain full control over the machine, allowing for invisible tampering with the shuffling process.
The researchers also discovered that the Deckmate 2 contained an internal camera to verify card presence in the deck. They determined that this camera’s feed could be accessed, allowing for real-time knowledge of the deck’s order. By sending this information via Bluetooth to a nearby device, a partner could then signal the cheating player, providing an unprecedented advantage.
Tartaro and his team established that this technique granted cheaters absolute control over the shuffler, offering them insight into upcoming hands. While they hadn’t yet perfected the ability to arrange the deck precisely, knowing the card order presented a subtler yet potent cheating strategy, difficult to detect.
The researchers argued that this technique could be applied to various card games, with Texas Hold’em being particularly susceptible due to its widespread popularity. In Texas Hold’em, knowing the card order would enable predicting hands accurately, regardless of subsequent decisions made during the game.
IOActive’s hacking method exploited vulnerabilities in the Deckmate’s design. They found hardcoded passwords in the shuffler’s code, making it difficult to modify or secure these passwords. The most significant vulnerability was discovered in the machine’s firmware, which verified the code’s integrity through a hashing function. IOActive successfully altered this hash value, allowing their cheating code to evade detection during integrity checks.
IOActive reached out to Light & Wonder, the company behind Deckmate, with their findings. In response, Light & Wonder stated that no Deckmate shuffler had ever been compromised on a casino floor and downplayed IOActive’s testing as being performed in a controlled setting. IOActive, however, shared emails suggesting Light & Wonder’s awareness of the issues and their intent to address them.
The researchers acknowledged the potential operational challenges of deploying the hacking technique in a live casino but emphasized its feasibility with careful execution. They demonstrated their method using a Raspberry Pi, but the device could be even smaller and discreet, allowing for surreptitious implementation.
Ultimately, IOActive’s findings highlighted a broader issue of outdated security standards in casino equipment regulation. They called for modernized security measures, including cryptographic code signing, to safeguard against potential exploitation. State-level regulators and industry standards organizations were urged to reevaluate the seriousness of shuffler security in the casino landscape.
