Online Poker Software Vulnerability Revealed

Published Friday, April 12, 2013 -

A security company based in Malta has revealed recently there may be issues with online poker software exposing players to possible cyber attacks. A review of poker applications shows that many suffer security flaws says Luigi Auriemma and Donato Ferrante of ReVuln. The vulnerability research focused on software downloaded by players in order to play the game. The researchers said, “A vulnerability in one software can affect multiple skins and millions of players,”

Downloaded software improves the customer experience and can give the player data in real time that can enhance the gaming experience. Auriemma and Ferrante continued to explain, “From an external attacker’s point of view, client software is interesting to analyze because it is the only part of the infrastructure which is fully available to an attacker,” The researchers did say that gaming software usually requires a username and password to access an account, although some companies have stepped up security by moving to a double factor authentication. PokerStars for example does use RSA tokens and a PIN to increase security for the players. It appears it is the updates that presents the biggest threat to poker player’s security where the updates are delivered without using Secure Sockets Layer (SSL) encryption or digital signatures. The security professionals said that even if an update is signed, it was still possible in some cases to take over the control of the player’s computer. Software for online poker developed by Malta based firm B3W Group discovered that updates were delivered over an insecure HTTP connection and were missing digital signatures and verification codes.

Poker software supplied by Microgaming could be vulnerable to a buffer overflow attack the security experts stated. Playtech they concluded does verify the digital signatures for dynamic link libraries and executable files, but all of the other files it installs can be modified, which could allow cyber attacks by unscrupulous persons who want to do harm.

Related news

Return to Latest News