Shuffle Up and Deal: Analyzing the Security of Automated Card Shufflers | Joseph Tartaro, Enrique Nissim, Ethan Shackelford

Joseph Tartaro, Principal Security Consultant, Enrique Nissim, Principal Security Consultant, and Ethan Shackelford, Associate Principal Security Consultant, conducted a comprehensive analysis of the security aspects of ShuffleMaster’s Deck Mate 1 (DM1) and Deck Mate 2 (DM2) automated shuffler machines. Primarily used at poker tables, these machines are widely adopted by casinos and cardrooms and are commonly used in private games. While the primary objective of these devices is to enhance game speed by assisting dealers in shuffling, they also ensure security through various deck checks, and their control over the deck renders them highly desirable targets for attackers.

In this whitepaper, the team attempted to answer the following questions:

  • Is cheating possible if one of these hardware devices is compromised?
  • How feasible is it to perform such an attack?
  • What can be done to prevent and/or mitigate the risk of cheating?
  • How can players and gaming operators protect themselves from this kind of cheating?

It is worth noting that no signs of code from the manufacturer performing any malicious or hidden functions were found in either of the audited shufflers. Different groups across the internet have speculated that shufflers contain secret logic that Casinos and/or card rooms could leverage to cheat players or increase house edge. Having thoroughly reverse engineered the entire state machine of the original firmware for both shuffler models, we found no evidence whatsoever that this was the case.