PTR Security has uncovered a serious vulnerability in the network encoding used by the Cake network. This encoding leaves players’ accounts and hole cards open to theft by any third party positioned between the player and Cake’s servers, and by anyone who can sniff the player’s traffic. Players on wireless networks (especially unsecured ones) are at particular risk.
This vulnerability is almost identical to the one we previously uncovered on the Cereus poker network, which has since been resolved, but there are a few significant differences, discussed in the “Special Notes” section.
We believe this vulnerability applies to every Cake network skin (our testing was limited to Cake Poker and Doyle’s Room). We were also able to verify that it applies to both the current Cake client and the new Beta client v2.0.
If you are going to skip most of this article, please at least take a moment to read the sections “Risk Levels for Players” and “Suggestions for Players.” These sections are minimum reading for anyone who plays on the Cake poker network.
This section is the same as our previous security bulletin for the Cereus Poker Network, so you may skip this portion if you’re already familiar with the Cereus network’s (now fixed) encryption vulnerability.
When logging into a poker client on your PC, what is actually happening behind the scenes is that a connection is established to servers owned and operated by the poker network. This connection carries all data between your PC and the servers, including your username and password, your betting actions, and your hole cards.
This can be thought of as a conversation between your computer and the poker network, which might go something like:
PC: I’d like to play poker my username is bob and my password is 123456
Server: You are logged in
Server: A new hand has started at your Table 1
Server: Your hole cards for Table 1 are Ac Jh
On every poker network this data is supposed to be encrypted so that intercepted traffic cannot be used to gain access to your account or to read your hole cards. In other words, the conversation is obscured to prevent eavesdropping, so that someone listening in cannot “hear” your password.
Almost every poker network uses some implementation of the SSL protocol (today TLS), the same mechanism that everyone from banks to government agencies uses to secure their data. Several freely available implementations exist, including the open source OpenSSL. SSL is the industry standard and is generally regarded as best practice for encrypting network transmissions.
The problem is that the Cake Poker network does not use SSL to encrypt its communications; it uses a custom XOR-based scheme. XOR with a short, recoverable key is known to be extremely weak, and Cake’s particular implementation makes decoding especially simple because the key is easily discoverable.
In fact, what the Cake network employs isn’t so much encryption as encoding. To see how simple it is to decode this data, open the Windows calculator and switch it to scientific mode: once the key is known, the XOR button is all that is needed to decode the data stream.
The requirement for this vulnerability to be exploited is network access. This means that if you are playing on an open wireless network, a cracked wireless network (something which is increasingly simple to do), or on a physical network which has been compromised – an attacker could dump the network traffic and exploit this vulnerability maliciously.
Stealing hole cards is very possible with this exploit; however, the larger concern is that of stolen bankrolls. In theory an attacker could identify a potential victim and park a car down the street, and if the victim plays on a wireless network, sniff their login information and then go home and dump the money off to other accounts. This is very unlikely to ever have happened, but it is possible.
A large misconception with the Cereus network vulnerability was that only players on unencrypted wireless networks were at risk. We saw many inaccurate security reports circulated which downplayed the severity of the issue. So this time we’d like to make it very clear that no matter what kind of network you play on, you are at risk on the Cake network. Any attacker who can position themselves between your computer and the Cake servers in Curacao (or listen in on the link, as on a wireless network) can theoretically steal your login information or hole cards.
The reason wireless networks are specifically targeted is that rather than having to insert yourself between the victim and the Cake servers, you can observe the data without any physical access.
Besides the technical implications there are many other industry implications that continue to be raised by these sorts of revelations. How can yet another poker network get licensed and audited, but nobody along the way notice that they aren’t employing even the most basic security mechanisms? Is anyone actually watching out for us?
In our lab, using a dummy cracked wireless network, we have been able to steal usernames and passwords from multiple Cake network skins (to our knowledge this vulnerability applies to all Cake skins). The username and password were visible to us as the player clicked the login button, or as the “auto-login” occurred. This exploit is more serious than the Cereus one, where we were only able to obtain an MD5 hash of the password, which then required a more sophisticated “injection” mechanism to hijack the account. Here we simply get the plain text username and password.
We’ve also successfully stolen hole cards as they were dealt, as shown in the demonstration video. This is basically the same exploit as the Cereus network.
All of our tests were done in a lab environment, using cheap commercial grade laptops. The source for all of the testing totals less than 500 lines. The wireless network cracking and snooping was done using freely available open source software.
Risk Levels for Players
The below chart attempts to quantify the level of risk a player has of being victimized in each type of networking scenario.
| Example | Network Type | Risk Level |
|---|---|---|
| Unknown wireless network in a college dorm called “Linksys” | Public Unsecured Wireless | Severe |
| Starbucks or airport wireless, requiring login | Public Secured Wireless | Moderate-High |
| School computer lab, plugged in | Public Wired | Moderate |
| Home wireless network called “Linksys” or “netgear”, not requiring a key or using a WEP key (10, 26 or 58 hexadecimal digits, sometimes generated from a user passphrase) | Home Unsecured Wireless | Moderate |
| Home wireless network requiring a WPA2 key | Home Secured Wireless | Moderate-Low |
| Home wired network | Home Wired | Low |
It is worth mentioning here that a player who can be specifically targeted is at an unquantifiable but elevated level of risk.
Suggestions for Players
As suggested previously there is no way to be 100% secure at the moment while playing on Cake poker. It is not possible to know that you’re safe, even when plugged directly into your router.
The only guarantee of safety is to change your password and stop playing on the Cake network until these issues have been fully resolved and the fix verified by us. Until Cake has switched to SSL/TLS (for example via OpenSSL), or to the TwoFish encryption its webpage says it uses, there is no way to be sure you are secure.
If you must continue to play in the meantime, plug directly into your router or cable modem. If this is not an option, make absolutely sure your wireless network is encrypted with WPA2.
Do NOT play on any unknown or public networks, especially wireless ones. It may also be wise to keep the fact that you play on the Cake network to yourself, so as to avoid making yourself a target.
Suggestions for Cake Network
As we recommended to the Cereus poker network when their similar vulnerabilities were discovered, you must upgrade your network communications to the industry standard SSL/TLS protocol; the OpenSSL library is freely available at http://www.openssl.org. When implementing the SSL changes, be sure to validate the peer certificate (chain of trust and host name) so as to prevent an SSL man-in-the-middle attack; encryption without peer authentication only moves the attacker from sniffing to interception. Failing that, you could implement the TwoFish algorithm mentioned on your website, but TwoFish is only a block cipher: you would still have to build key exchange, peer authentication and message integrity around it, which is harder and more prone to vulnerabilities, as custom protocols always are.
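As an added example (not Cake’s code and not part of the original bulletin), the following Python shows the two client-side TLS configurations the recommendation contrasts: one that encrypts but accepts any certificate, so an on-path attacker can terminate the session with a certificate of their own, and one that requires a certificate chaining to a trusted CA, checks the host name and refuses protocol versions older than TLS 1.2. The host name, port and CA file path are placeholders.

```python
import socket
import ssl
from typing import Optional

# Placeholders for illustration only; not real Cake endpoints.
SERVER_HOST = "poker.example.invalid"
SERVER_PORT = 443


def insecure_context() -> ssl.SSLContext:
    """Encrypts the stream but trusts ANY certificate. Someone between the client
    and the server can present their own certificate, terminate TLS, and read the
    login and hole cards in the clear. This is the mistake the advice above warns about."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # must be cleared before verify_mode may be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def hardened_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Requires a certificate that chains to a trusted CA and whose name matches the
    host we asked for, and refuses anything older than TLS 1.2. Passing cafile
    restricts trust to the operator's own CA instead of every CA in the system store."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def verifies_peer(ctx: ssl.SSLContext) -> bool:
    """True only if the context would reject an unauthenticated or misnamed server."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


def min_version_name(ctx: ssl.SSLContext) -> str:
    """Name of the oldest protocol version the context will negotiate."""
    return ctx.minimum_version.name


def connect(ctx: ssl.SSLContext, host: str = SERVER_HOST, port: int = SERVER_PORT) -> ssl.SSLSocket:
    """Open the TLS connection. server_hostname drives both SNI and the host-name check;
    with hardened_context() a forged or self-signed certificate raises
    ssl.SSLCertVerificationError instead of silently handing the session to the attacker."""
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)


if __name__ == "__main__":
    for name, ctx in (("insecure", insecure_context()), ("hardened", hardened_context())):
        print(f"{name}: verifies peer={verifies_peer(ctx)}, minimum version={min_version_name(ctx)}")
```

The decisive difference is not the cipher but the peer check: `hardened_context()` refuses to talk to anyone who cannot present a certificate the client trusts for that exact host name, which is what turns “encrypted” into “encrypted to the right party”.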
Also, please immediately remove the incorrect security material concerning hackers from your website.
We, as always, offer our expertise in auditing security and verifying the fix once implemented.
In the introduction it was mentioned that this vulnerability is similar to the Cereus poker network’s, but with significant differences. The following sections review those differences.
Practically, the major difference is that the plain text password can be read straight out of the network stream. This is much easier to exploit, since there is no need to “inject” a stolen password hash to hijack the account as there was on Cereus: simply take the stolen username and password and log in at your convenience.
Technically there are a few differences. Cereus used a single hard-coded encryption key, which we were able to discover through a blunder in their algorithm. Cake at least uses a key that changes: it arrives at startup and is then mutated each time it is applied to a packet.
The other technical difference is how the key is discovered. There are two ways to obtain it. The first, and harder, is to capture the key when it is sent in plain text over the network stream and then mutate it after each decryption exactly as Cake does. This requires a complete network dump that includes the initial connection to the Cake servers; you have to be listening from the very beginning.
The second and much simpler way is to brute force it. That’s right: you can literally guess the key. It takes only a few milliseconds and is far more practical than the previous method. All of our testing was done using this second method.
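The XOR-button observation made earlier and the two key-recovery routes just described can both be shown on a toy model. The Python below is an added example, not Cake’s wire format or key schedule: it assumes a 32-bit seed sent in the clear, a keystream that simply repeats the seed, an LCG-style mutation of the seed after every frame, and a 16-bit length prefix on each frame. All of those are stand-ins for the real details, and the sample traffic is constructed from the conversation sketched at the top of this article.

```python
"""Toy model of a seed-keyed XOR stream (added illustration; hypothetical format).

Assumptions, none of them Cake's actual design:
  * a 32-bit seed is sent in the clear when the connection starts
  * every frame is XORed with a keystream that repeats the current 4-byte seed
  * after each frame the seed is mutated with a fixed rule (an LCG step here)
  * each frame begins with a 16-bit big-endian length of the payload that follows
"""
import re
import struct
from typing import List, Optional

MASK32 = 0xFFFFFFFF


def keystream(seed: int, length: int) -> bytes:
    """Hypothetical keystream: the 4-byte little-endian seed repeated to `length`."""
    block = struct.pack("<I", seed & MASK32)
    return (block * (length // 4 + 1))[:length]


def mutate(seed: int) -> int:
    """Hypothetical per-frame key mutation (an LCG step; assumption, not Cake's rule)."""
    return (seed * 1103515245 + 12345) & MASK32


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def frame(payload: bytes) -> bytes:
    """Length-prefixed framing (assumption): 2-byte length, then the payload."""
    return struct.pack(">H", len(payload)) + payload


def encode_session(seed: int, payloads: List[bytes]) -> List[bytes]:
    """What the client or server does: frame, XOR with the current keystream, mutate."""
    out = []
    for p in payloads:
        f = frame(p)
        out.append(xor_bytes(f, keystream(seed, len(f))))
        seed = mutate(seed)
    return out


def decode_session(seed: int, frames: List[bytes]) -> List[bytes]:
    """A sniffer who saw the seed go by decodes exactly as the client does: XOR is its
    own inverse, so the same keystream and the same mutation undo the encoding."""
    out = []
    for c in frames:
        out.append(xor_bytes(c, keystream(seed, len(c)))[2:])   # drop the length field
        seed = mutate(seed)
    return out


def seed_from_crib(ciphertext_frame: bytes, known_prefix: bytes) -> int:
    """A sniffer who joined late: four known plaintext bytes at the front of any frame
    give the current (already mutated) seed in one XOR, since keystream[0:4] is the seed."""
    return struct.unpack("<I", xor_bytes(ciphertext_frame[:4], known_prefix[:4]))[0]


# Rough grammar of the toy protocol text, used to judge a candidate decoding.
PLAUSIBLE = re.compile(rb"[A-Z]+( [a-z]+=[ -~]+)*")


def brute_force_seed(ciphertext_frame: bytes, keybits: int = 16) -> Optional[int]:
    """No crib at all: try every seed and return the first whose decoding is
    self-consistent (length field agrees with the captured size, payload parses).
    The real space is 2**32, about 4.3e9 trials and cheap in C; keybits=16 keeps the
    Python demo fast, so the constructed seed below is chosen under 2**16."""
    n = len(ciphertext_frame)
    expected_len = struct.pack(">H", n - 2)
    for seed in range(1 << keybits):
        ks = keystream(seed, n)
        if xor_bytes(ciphertext_frame[:2], ks[:2]) != expected_len:
            continue                                            # cheap reject
        if PLAUSIBLE.fullmatch(xor_bytes(ciphertext_frame[2:], ks[2:])):
            return seed
    return None


DEMO_SEED = 0xBEEF   # constructed; kept below 2**16 for the brute-force demo
DEMO_PAYLOADS = [    # constructed sample traffic, modelled on the conversation above
    b"LOGIN user=bob pass=123456",
    b"HAND table=1 cards=Ac Jh",
    b"ACTION table=1 bet=40",
]


def demo():
    frames = encode_session(DEMO_SEED, DEMO_PAYLOADS)
    # 1. Sniffer present from the first packet: has the seed, decodes everything.
    full = decode_session(DEMO_SEED, frames)
    # 2. Sniffer who started capturing at frame 2: the frame's own length field plus the
    #    fixed "HA" message-type prefix is enough crib to read the current seed.
    crib = struct.pack(">H", len(frames[1]) - 2) + b"HA"
    late_seed = seed_from_crib(frames[1], crib)
    late = decode_session(late_seed, frames[1:])
    # 3. Sniffer with no crib: exhaustive search over the initial seed from frame 1 alone.
    found = brute_force_seed(frames[0])
    return full, late, late_seed, found


if __name__ == "__main__":
    full, late, late_seed, found = demo()
    print("from start:", full)
    print("late join, seed %#x:" % late_seed, late)
    print("brute forced seed: %#x" % found)
```

Two points worth drawing out. First, any structure in the protocol (a length field, a fixed message-type token, a predictable first message) is free known plaintext, and with a repeating key a crib of key-length bytes hands over the whole key state. Second, in the reduced search the length field alone identifies the seed uniquely, and in the full 32-bit space the remaining two key bytes are pinned down by the payload check; either way a 32-bit seed falls in seconds on ordinary hardware, which is why it offers no protection even when it is not sent in the clear.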
Differences of Principle
The final differences are of an entirely non-technical nature. In the case of the Cereus network’s vulnerability the problem seemed to be mostly one of ignorance; there was no intentional misleading of the public, and it is most likely that, as they claim, they were entirely unaware of the issue.
However, Cake has this paragraph concerning security from hackers posted on several of the skins’ websites:
All communications between the client program running on your computer and the Cake Poker server in Curacao are encrypted using the accepted industry standard 256-bit TwoFish encryption algorithm. The unique cards dealt to each player are delivered exclusively to that particular player’s computer thus maintaining privacy and integrity of play. Packet-sniffing by other players cannot be used to gain any advantage. Each player’s cards are sent exclusively to that particular player’s computer. None of the other computers know what your hidden cards are, thus preventing an opponent from hacking their client software to determine your cards.
This paragraph contains inaccuracies and two blatant deceptions. A nit-picking inaccuracy: TwoFish is in no way the accepted industry standard. The accepted standard is clearly and overwhelmingly SSL/TLS, usually via OpenSSL; every major network uses some implementation of it, and it is in fact the only accepted standard. Also, packet sniffing clearly can be used to gain a significant advantage.
Now as far as the deceptions:
- Cake does NOT use the TwoFish encryption algorithm. TwoFish, although not the industry standard, is a well-reviewed block cipher (one of the AES finalists) with 128-, 192- or 256-bit keys, which puts exhaustive key search far out of reach. It cannot be brute forced in any practical manner, whereas Cake’s XOR scheme is keyed by a single 32-bit value.
- Cake does NOT use a 256-bit key. Their seed is a single 32-bit value, and it is sent in plain text.
It is also worth noting that, since they have created a beta client which, as far as we can tell, is written from the ground up in an entirely new language, they must be aware of the encoding mechanism in place: they had to copy it from the old client, understand it, and translate it into the new client. This implies that the deceit is not one of ignorance, at least at the programmer level. The higher-ups are likely unaware of the issue, but someone, somewhere, knew.
In summary, there is a critical network vulnerability in the Cake poker network’s software which makes it possible to steal account information, including usernames and passwords, and to view hole cards. There is no 100% protection until the Cake poker network upgrades to SSL/TLS. Cake has an erroneous security notice on its website which claims to implement a type of encryption that it does not use.
As before, we have no way of knowing if this vulnerability has been used to exploit actual players. PokerTableRatings.com created test accounts for all of our testing during our research phase. We do not have passwords to any unauthorized user accounts. Cake has been notified of the issue and we will continue to report as the situation develops.