Digital security consulting firm ReVuln recently examined how online poker could be attacked and concluded that client-side software is the weak link of online poker security. Client-side software is “the only part of the infrastructure which is fully available to an attacker,” claimed the security firm.
Essentially, the firm is saying that weaknesses in key areas of the online poker world give hackers an entry point. For instance, ReVuln pinpointed the lack of Secure Sockets Layer (SSL) connections during software updates: because updates are not delivered over a secure connection, the update process leaves a window of opportunity for hackers.
Passwords and Updating Are Weak Links
The firm also states that inadequate password storage gives hackers an opening, and explains that protecting stored passwords with encryption keys is much more secure than merely concealing them, as cyber attackers can eventually gain access to concealed passwords, which basically gives them an abundance of blank electronic checks.
During its research, ReVuln investigated some of the big names in the industry and found that their systems were open to attack at certain moments, especially during the software updating process, as mentioned above.
Gaming giant Microgaming was found to be lacking, and so too were B3W and Playtech’s iPoker, which were found to be using insecure HTTP connections for updates, making them vulnerable to cyber criminals.
Are Findings Reliable, Though?
However, how much can we trust the word of a company that reportedly sells its findings to government agencies and private customers, yet doesn’t necessarily inform the software companies themselves of the vulnerabilities and weaknesses its investigations reveal? The business model itself has come under scrutiny from digital rights advocates, as there is no telling what ReVuln’s customers may do with the information provided.
In fact, in response to ReVuln’s overview of weaknesses in the online poker world, Malta-based B3W stated that it has yet to receive a single report of a compromised customer account in relation to its platforms during its twelve years of business. Perhaps scare-mongering tactics are being used to stir up a little hysteria? Or perhaps the weaknesses are just not that weak after all?
That being said, ReVuln’s findings certainly cannot be ignored. B3W has stated that it has investigated the findings and has already rectified many of the issues, while looking into resolving the others, which shows that the online poker world does take security, as well as the protection of customers’ information, very seriously.