Skip to main content

2 posts tagged with "rustdesk"

View All Tags
PartialRemote access

XPoint / bet365 MI + BetRivers MI: commercial RDP blocked pre-wager; RustDesk blocked at ~290 s interval check (install alone silent)

Xpointbet365RushStreet Interactive (BetRivers)
xpointbet365-mibetrivers-mirdprustdesk

Source. June 23, 2026 weekly sync.
Ticket. CIV-63: Bet365 MI — full Radar / XPoint integration research.

What we tested

Remote desktop detection retest on bet365 Michigan and BetRivers Michigan (both XPoint) — RustDesk and the commercial RDP stack (HopToDesk, AnyDesk, TeamViewer).

What happened

  • HopToDesk, AnyDesk, TeamViewer — detected and blocked before a bet could be placed on both Michigan integrations. This is a key difference from prior cycles — XPoint did improve commercial RDP detection.
  • ⚠️ RustDesk — blocked, but with timing and install nuance.
    • The prior launch-order identification lag (June 2 finding) was not reproduced under rigorous retest.
    • Session was blocked at the first interval check — approximately 290 seconds (~4.5 minutes) later.
    • RustDesk is detected only while actively runningnot when merely installed. A player can have RustDesk on their device without triggering an alert until a session starts.

Why it matters

Commercial RDP detection on Michigan deployments is materially better than historical baselines — worth citing in competitive conversations. The RustDesk result is improved but not clean: a ~4.5-minute active- session window and silent tolerance of a installed-but-idle copy still leave residual exposure, especially vs GeoComply's real-time mid-session blocks on comparable vectors.

Pennsylvania BetRivers deployments still show undetected native iOS and Tailscale paths in the same test window (June 23 advanced spoofing review, CIV-88).

Cross-reference

Xpoint profile → · June 23 weekly sync →

PartialRemote access

XPoint / bet365 MI: RustDesk evades detection when launched after the geolocation client (launch-order flaw)

Xpointbet365
xpointbet365-mirdprustdesklaunch-order

Source. June 2, 2026 weekly sync.
Ticket. CIV-64: MI advanced spoofing retest.

What we tested

RustDesk remote access against bet365 MI (XPoint) on both Windows and macOS, varying the launch order of RustDesk relative to the XPoint geolocation client.

What happened

  • RustDesk launched before XPoint → flagged immediately.
  • RustDesk opened after XPoint was already active → undetected on both Windows and macOS. Over 50 consecutive location checks passed with the remote tool running.
  • Detection only resumed once the XPoint client was manually rebooted.

Why it matters

The behaviour points to a one-time startup scan for prohibited software rather than real-time monitoring. The vulnerability stems from a predictable initialization sequence: an adversary who recognises the pattern can bypass desktop geolocation on bet365 MI simply by activating remote access after launch — a repeatable, low-effort gap that leaves a notable regulatory exposure open for the duration of a session.

Cross-reference

Xpoint profile → · June 2 weekly sync →