PTR: Cake Network Security is Vulnerable

After revealing security issues at Cereus in May, PokerTableRatings.com has now uncovered a gap in the Cake Poker Network's encryption. According to PTR, the XOR scheme Cake Poker is apparently using can essentially be broken with Windows’ built-in calculator.

The gap allows a third party positioned between the Cake servers and the player to steal account information, hole cards or even bankrolls (see the video below). Although PTR’s investigation was limited to Cake Poker and Doyle’s Room, they noted that the security risk most probably applies to every member room of the Cake Network. What is certain, however, is that both the current client and the new Beta (v2.0) client are vulnerable.

Moreover, Cake Poker uses neither the industry-standard SSL encryption nor the relatively safe TwoFish that its site claims, but a significantly weaker scheme, XOR. PTR rates different types of connections according to how secure they are (i.e. how easy it is for a hacker to infiltrate the connection between you and the server), as seen below, but they state that under the current circumstances the only way to be 100% safe is to change your password and not play on Cake until the security issue is fixed.

PTR's evaluation of connection types

Lee Jones from Cake Poker has already reacted to PTR’s warning. He stated that Cake Network players are safe, as breaching the software would take a highly skilled hacker and to date no player information has been reported stolen. While noting that the risk is low, he nevertheless admitted that their system is not completely secure and said the issue is going to be fixed instantly. He also asked players to use a secured home connection if possible. Regarding TwoFish, Jones stated that after discovering some flaws they temporarily replaced it with XOR, and he apologised for the misinformation on their site.