Shuffle Master Deck Mate 2 Insecure Update Chain Vulnerability Allows Cheating in Poker

A vulnerability in the Shuffle Master Deck Mate 2 automatic card shuffler has been identified, allowing for unauthorized manipulation of the shuffling process. The issue arises from the shuffler's firmware update mechanism, which accepts update packages without proper cryptographic signature verification. Instead, these packages are encrypted using a hard-coded AES key that is shared across all devices. The integrity of the updates is validated using a truncated HMAC, which is insufficient. This vulnerability can be exploited by attackers who have physical access to the shuffler, typically through the USB update port that is exposed under the table. Once the shuffler is compromised, an attacker can use the internal camera to monitor the deck order and player hands, facilitating cheating during poker games.

Impact

Exploitation of this vulnerability allows for full control over the shuffling process, with the ability to monitor and manipulate the deck order in real-time. This could lead to significant cheating in poker games, as an attacker could know the exact cards held by each player and use this information to their advantage. Additionally, the vulnerability could be exploited to trigger jackpots in certain casino games, further increasing its impact.

Reproduction

The vulnerability can be reproduced by inserting a hacking device into the USB port of a Deck Mate 2 shuffler. This port allows for network communication with the shuffler's internal control board, where the firmware can be modified to bypass the card counting mechanism and gain access to the shuffler's deck order data. Once the shuffler has been compromised, the modified firmware can be used to exfiltrate the card order information via Bluetooth to a mobile application.

Remediation

The manufacturer has released a firmware update to address these vulnerabilities, and operators can physically restrict access to the shuffler's USB port to prevent exploitation.