Hacking Slot Machines by Reverse-Engineering the Random Number Generators
Interesting story:
The venture is built on Alex’s talent for reverse engineering the algorithms—known as pseudorandom number generators, or PRNGs—that govern how slot machine games behave. Armed with this knowledge, he can predict when certain games are likeliest to spit out money—insight that he shares with a legion of field agents who do the organization’s grunt work.
These agents roam casinos from Poland to Macau to Peru in search of slots whose PRNGs have been deciphered by Alex. They use phones to record video of a vulnerable machine in action, then transmit the footage to an office in St. Petersburg. There, Alex and his assistants analyze the video to determine when the games’ odds will briefly tilt against the house. They then send timing data to a custom app on an agent’s phone; this data causes the phones to vibrate a split second before the agent should press the “Spin” button. By using these cues to beat slots in multiple casinos, a four-person team can earn more than $250,000 a week.
It’s an interesting article; I have no idea how much of it is true.
The sad part is that the slot-machine vulnerability is so easy to fix. Although the article says that “writing such algorithms requires tremendous mathematical skill,” it’s really only true that designing the algorithms requires that skill. Using any secure encryption algorithm or hash function as a PRNG is trivially easy. And there’s no reason why the system can’t be designed with a real RNG. There is some randomness in the system somewhere, and it can be added into the mix as well. The programmers can use a well-designed algorithm, like my own Fortuna, but even something less well-thought-out is likely to foil this attack.
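A minimal sketch of the point above, added here as an illustration and not Fortuna or any slot vendor's code: a keyed hash (HMAC-SHA-256) run in counter mode as a PRNG, rekeyed after every request, with fresh entropy mixed in before each spin. The class and function names, the reel layout, and the use of os.urandom as the entropy source are assumptions.

```python
import hashlib
import hmac
import os


class HashPRNG:
    """HMAC-SHA-256 in counter mode, rekeyed after every request (simplified; not Fortuna)."""

    def __init__(self, seed: bytes):
        self._key = hashlib.sha256(b"seed" + seed).digest()
        self._counter = 0

    def _block(self) -> bytes:
        self._counter += 1
        return hmac.new(self._key, self._counter.to_bytes(16, "big"), hashlib.sha256).digest()

    def reseed(self, entropy: bytes) -> None:
        # Mix fresh entropy into the key; observed outputs no longer determine the next ones.
        self._key = hmac.new(self._key, entropy, hashlib.sha256).digest()

    def random_bytes(self, n: int) -> bytes:
        out = b""
        while len(out) < n:
            out += self._block()
        # Rekey so a later state compromise does not reveal earlier outputs.
        self._key = self._block()
        return out[:n]

    def below(self, bound: int) -> int:
        """Uniform integer in [0, bound) by rejection sampling (no modulo bias)."""
        nbytes = (bound.bit_length() + 7) // 8
        limit = (256 ** nbytes // bound) * bound
        while True:
            v = int.from_bytes(self.random_bytes(nbytes), "big")
            if v < limit:
                return v % bound


def spin(prng: HashPRNG, reels: int = 3, stops: int = 64) -> list:
    # Hypothetical game step: fold in OS entropy before each spin, then draw reel stops.
    prng.reseed(os.urandom(32))
    return [prng.below(stops) for _ in range(reels)]
```

The generator only supplies uniform reel stops; the payout rate would still be set by how stops map to symbols and prizes, not by any bias in the PRNG.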
Kai • August 7, 2017 6:35 AM
I’m just wildly speculating here, but I would imagine that the PRNG algorithms in use are very heavily vetted to ensure that they are random enough, but also predictable enough that the machine is going to pay out at a very precisely determined rate. It’s likely that this engineered imbalance in the algorithm is also what leads to the weakness that’s being exploited.
True randomness could have the machine paying out at above its stated range – the companies making these machines and the companies deploying them don’t want them to be properly random, they want it to be very predictable and in their favour.