Preventing slot hacks via speed and oversight

182
Jack pot

The two main things dictating electronic gaming machines’ vulnerability to being hacked are the speed at which the product gets to market from the development floor and the oversight of the machines once they’re in place, according to Gaming Laboratories International’s Vice President of Global Services, Ian Hughes.
The comments came on the last day of Global Gaming Expo (G2E) Asia.
Given that the machines are based on Random Number Generators (RNGs), the perception is that the combinations are completely random, which is inaccurate, notes the VP.
“A computer that generates a random number – it can never be a truly random number; we call it a pseudo random number,” notes Hughes.
“The industry tries to create as close to random as possible [but] without a truly random number there will always be some patterns,” he says regarding potential points of exploitation, citing the case of a syndicate that exploited a slot machine weakness in Las Vegas, predicting its payouts.
“We saw recently over the weekend with Ransomare attacks that those computers that were attacked were computers that were not updated in a timely fashion [and] more vulnerable, same thing in the gaming industry,” declared.
However, the responsibility of divulging to the public or to authorities when an exploitation has been detected is often a blurred line.
“You have to be wary of the time. If there’s a known hack or cheat you want to fix it before it can be globally exploited. In some cases it’s important to keep that as confidential as possible. In the case of the RNG attack it was 12 to 14 months before it became public,” said Hughes.
Internationally, no “gold standard” exists for the industry in terms of best oversight and reporting potential points of exploitation, points out Jennifer Roberts, the Associate Director of the International Centre for Gaming Regulation in Nevada.
“[In] Las Vegas many of the casinos will actually meet on surveillance issues; they might discuss some issues they see or some suspicions. But that’s more of an informal meeting, not mandated by regulation. And because there’s so much consolidation in gaming, at least in Nevada, you’re only talking about a handful of operators. It’s the small operators that have to be part of that dialogue,” she states.
Regulators, however, are faced with a unique set of challenges given that they need to be reliant on industry experts to implement effective regulation, points out Mr. Hughes.
“I don’t think regulators look to any one source. They talk to as many people as they possibly can and are pretty good at telling if someone’s not being truthful or honest and they know the right questions to ask,” he said. “It’s very difficult for any regulator to keep up with tech so they have to rely upon industry experts”.