By Stewart Tongue

MALTA – Data security researchers have uncovered vulnerabilities in online poker operations that may expose users to injection attacks and theft of private data. The weaknesses, according to the researchers, may be inherent in any system that uses “skins” as part of a white-label platform.

Luigi Auriemma and Donato Ferrente of data security firm ReVuln published their findings in a white paper entitled “An Overview of Online Poker Security.” Of primary concern is the type of white-label platform software that allows users to customize their experience.

According to Ferrente and Auriemma, the main weakness in white-label platforms lies in the software’s updating mechanism, and the flaw is widespread. Because end-user updates most often occur automatically but do not employ secure socket layers or digital signatures, hackers easily could assume control of the connection.

Even more significant, the researchers said: Taking advantage of a flaw in even one platform could result in a tremendous payoff for the cyber-outlaws.

“[A] vulnerability in one software can affect multiple skins and millions of players,” the report notes.

Another area of concern for Auriemma and Ferrente: A stack-based buffer-overflow vulnerability in some systems may expose user passwords.

Although the researchers focused on online poker software, they suggested similar software running back ends for everything from auctions to cyber-dating also could be at risk.

Analysts at UK-based Juniper Research expect the global online gambling market to be worth more than $45 billion by 2017. Because white-label affiliate marketing is a growing promotional tool, security holes may become increasingly problematic for poker sites and other products or services skinning client portals, the white paper notes.