Skip to main content

3 posts tagged with "ciV-59"

View All Tags
DetectedRemote access

OpenBet / Fanatics WV: FaceTime screen sharing detected at session start — account / device blocked ✓

OpenBetFanatics Sportsbook
openbetfanatics-wvfacetimescreen-sharingrdp

Source. May 26, 2026 weekly sync.
Ticket. CIV-59: Fanatics — OpenBet Locator | advanced spoofing.

What we tested

Whether FaceTime screen sharing — Apple's built-in feature for mirroring one device's screen to another over the network — would be detected when initiated at the start of a wagering session on Fanatics West Virginia (OpenBet Locator).

What happened

  • Detection fired immediately at session start.
  • Result: account or device was blocked, preventing the wagering session from continuing.

Why it matters

iOS FaceTime is a credible remote-control vector: it ships on the device, requires no third-party tools, and gives the remote party a real-time view of the screen with light interaction. OpenBet catching it at session start is exactly the moment where this defence is cheapest and least disruptive — before any bets, before any state changes.

This is the same week as the Bet365 MI validation where iOS FaceTime RDP went undetected while a user in Massachusetts placed bets on a device in Michigan. Same vector, two operators, opposite outcomes — clear evidence that FaceTime detection is a vendor / integration choice and is implementable today.

Cross-reference

OpenBet profile → · May 26 weekly sync →

MissedNear borderBoundary crossing★ Pinned

OpenBet / Fanatics TN: WV casino-game session maintained 10m inside Virginia border (iOS)

OpenBetFanatics Sportsbook
openbetfanatics-tnnear-borderiosciV-59

Source. May 19, 2026 weekly sync.
Ticket. CIV-59: Fanatics — OpenBet Locator | adv spoofing.

What we tested

Close-to-border testing of the Fanatics (OpenBet Locator) deployment on iOS. The tester opened a West Virginia casino game session inside WV, then physically crossed into Virginia while keeping the session active.

What happened

  • Session maintained. The active WV casino-game session was held open consistently while the tester stood 10 meters inside the Virginia border — a state where the operator is not licensed.
  • iOS only. The issue was not reproduced on Android in the same conditions.

Why it matters

A 10m post-border allowance is meaningful in real-world geographies where homes, hotels, parking lots, and businesses sit directly on the state line. A player who lives or works on the line can sustain an active gaming session while physically on the wrong side of it. This is the exact compliance scenario near-border buffer zones exist to prevent.

The iOS/Android asymmetry suggests the regression is in the iOS-side boundary handling specifically, not in the underlying geofence geometry.

Cross-reference

OpenBet profile → · May 19 weekly sync →

MissedRemote access

OpenBet / Fanatics TN: TeamViewer screen mirroring undetected — NY tester placed bets on TN platform

OpenBetFanatics Sportsbook
openbetfanatics-tnteamviewerrdpciV-59

Source. May 19, 2026 weekly sync.
Ticket. CIV-59: Fanatics — OpenBet Locator | adv spoofing.

What we tested

Remote-control testing against the Fanatics Tennessee (OpenBet Locator) deployment, comparing two screen-mirroring tools:

  1. TeamViewer — desktop remote control, tester in NY driving a device located in TN.
  2. FaceTime — same setup, Apple's native screen-sharing.

What happened

  • TeamViewer: not detected. The NY tester placed bets on the TN platform via TeamViewer screen mirroring with no error, restriction, or session interruption.
  • FaceTime: detected and blocked correctly. Same operator, same jurisdiction, same testing setup — but the FaceTime session was identified and blocked.

Why it matters

OpenBet Locator's RDP coverage is inconsistent by tool, not by operator or by platform. Some screen-mirroring tools are caught (FaceTime, droidVNC-NG at Fanatics NJ this week), others are not (TeamViewer here, HopToDesk + iPhone mirroring from May 5).

This is the same structural pattern we documented in earlier weeks: the remedial-action classes claim screen-share detection, but the detection runs against a fixed list of known signatures rather than generalising. Any RDP tool not in that list sails through.

Cross-reference

OpenBet profile → · May 19 weekly sync →