15 Apr 2013
Gambling software developer B3W Group plans to fix poker game bugs recently discovered by security researchers, according to IDG News Service. The Malta-based company said it will start the update within the week.
“We take our clients' security extremely seriously,” B3W director of strategy AJ Thompson told IDG News Service. “We do have a build of a client which does not allow the saving of the password, and we are considering the introduction of this to the core client build.”
Thomson confirmed the root problem revealed by the security experts from research consultancy ReVuln, but said their users have not been hacked in 12 years of operating online. The ReVuln report also analyzed products from Microgaming and Playtech, revealing the downloaded client allows hackers to spy on the games’ software design.
“Online gaming companies and players should be aware of potential security issues in the products they provide and use respectively,” the paper reads. “The security issues and information disclosed in this document covers only part of the attack surface for Online Poker systems.”
The researchers discovered that B3W's software updates itself over an insecure HTTP connection. Updated files are stored without digital signatures, and potentially dangerous “.exe” files are installed without being scrutinized. The company’s software also has vulnerabilities when it comes to storing passwords on users’ devices.
B3W develops gambling software including variations of poker such as Texas Hold'em, Omaha and Stud. Bitdefender research showed poker games have password vulnerabilities since September 2012. Texas Hold’em, for instance, broadcasts plaintext or MD5-encrypted credentials. Though encryption is relatively secure, hackers can easily breach the system with online automated tools that allow them to get the hashes and steal users’ credentials.
According to ReVuln, the online gaming market is a 30 billion-worth business in the US alone.