Shuffle Master Deck Mate 2 Missing Secure Boot Vulnerability Allows Persistent Code Execution

Vulnerability

A vulnerability exists in the Shuffle Master Deck Mate 2 automated card shuffler due to the absence of a secure boot process and runtime integrity checks for its controller and display modules. This flaw enables an attacker with physical access to alter the bootloader, kernel, or filesystem, achieving persistent code execution that endures across power cycles. Such modifications can be exploited to manipulate the shuffler's operations, potentially facilitating cheating in poker games. Although the manufacturer has released a firmware update to address these issues, the vulnerability highlights significant security shortcomings in the device's design and implementation.

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of the shuffler's firmware, allowing for persistent access and control over the device. This could be used to monitor and manipulate the order of cards during gameplay, undermining the integrity of poker games and potentially exploiting casino jackpot systems.

Reproduction

The vulnerability can be reproduced by physically accessing the shuffler's exposed USB or Ethernet ports. Once connected, an attacker can use the weak, hardcoded root credentials to gain shell access on the display module board. From there, it's possible to reflash the machine controller board with modified firmware that has been patched to enable cheating, such as by logging card order data or manipulating the shuffling process. After the firmware has been updated, the shuffler can be used in a poker game, with the implanted device transmitting card order information to a mobile app that assists in cheating.

Remediation

Shuffle Master has released a firmware update that strengthens the integrity of the update process and disables physical update ports to reduce the risk of exploitation. However, further improvements are needed to address the fundamental security flaws that allowed this vulnerability to exist.
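The runtime integrity check the advisory says is missing can be illustrated with a measured-boot style hash chain over the three components it names (bootloader, kernel, filesystem). This is an added example, not Shuffle Master's code or the contents of its firmware update. It assumes the images can be read back from the device and that known-good values are stored off the device. The image bytes and all names are constructed for illustration.

```python
import hashlib
import hmac

# Boot stages named in the advisory, in the order they would execute.
STAGES = ("bootloader", "kernel", "filesystem")

def extend(register: bytes, image: bytes) -> bytes:
    """PCR-style extend: new = SHA-256(old || SHA-256(image))."""
    return hashlib.sha256(register + hashlib.sha256(image).digest()).digest()

def measure(images: dict) -> tuple:
    """Return (final register hex, per-stage digests) for one boot chain."""
    register = bytes(32)  # register starts as all zeros
    digests = {}
    for stage in STAGES:
        image = images.get(stage)
        if image is None:
            # A missing stage is recorded explicitly and still changes the chain.
            digests[stage] = "missing"
            image = b""
        else:
            digests[stage] = hashlib.sha256(image).hexdigest()
        register = extend(register, image)
    return register.hex(), digests

def audit(images: dict, golden_register: str, golden_digests: dict) -> list:
    """Return the stages that differ from the known-good baseline ([] = clean)."""
    register, digests = measure(images)
    if hmac.compare_digest(register, golden_register):
        return []
    return [s for s in STAGES if digests[s] != golden_digests[s]]

# Constructed sample images standing in for real firmware partitions.
GOOD = {
    "bootloader": b"BOOTLOADER-v1",
    "kernel": b"KERNEL-v1",
    "filesystem": b"ROOTFS-v1",
}
GOLDEN_REGISTER, GOLDEN_DIGESTS = measure(GOOD)  # baseline held off-device

if __name__ == "__main__":
    modified = dict(GOOD, filesystem=b"ROOTFS-v1 with extra file")
    print("clean unit:   ", audit(GOOD, GOLDEN_REGISTER, GOLDEN_DIGESTS))
    print("modified unit:", audit(modified, GOLDEN_REGISTER, GOLDEN_DIGESTS))
```

A check like this only detects changes when it runs from outside the device being audited; enforcing it at power-on requires a verified boot chain anchored in hardware.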

Added: Oct 24, 2025, 11:19 PM
Updated: Oct 24, 2025, 11:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 4.6
remediation: 0.0
relevance: 0.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.