Radar / Underdog DFS: remote screen control via Tailscale undetected for 20+ minutes
Source. June 2, 2026 weekly sync.
Ticket. CIV-81: Underdog DFS — Remote screen control via Tailscale (Radar).
What we tested
The same remote-screen-control pattern that GeoComply blocked on Bally Bet NJ this week: a tool lets one person take full control of another person's computer screen from a completely different location. The person physically in the permitted state does nothing — the remote user places all the bets. Here the target was Underdog DFS, running on Radar.
Stack: a Tailscale tunnel linking the two machines, driven through built-in screen-sharing.
What happened
- ✗ The session lasted over 20 minutes with active remote control in use.
- ✗ Radar did not detect or block it. Bets could be placed freely throughout.
Why it matters
This is a clear fraud and compliance gap. A user outside a licensed state can bet through a "proxy" device inside the state, with no exotic configuration — the attack uses off-the-shelf, legal tools. Operators running this integration carry regulatory exposure if the method is used by real fraudsters.
Cross-reference
- Bet365 NJ (XPoint) — macOS↔macOS RDP via Tailscale undetected (May 26, CIV-73) — the origin finding that prompted this expanded campaign.
- OpenBet / Fanatics — Mac-to-Android remote control undetected (CIV-79) — same gap, third integration.
- GeoComply / Bally Bet NJ — the same Tailscale remote-control attack blocked at login and mid-session ✓ (CIV-82) — direct contrast on the identical vector.