Friday, September 30, 2011

8th Grade Education and $10 Part: All You Need to Hack These Voting Booths

Posted on September 30, 2011 at 2:04am by Liz Klimas

Voting stations will need to take extra precautions with the election of 2012 as a national laboratory has shown just how easy it can be to hack into an electronic voting booth.

In fact, Salon reports that all it really takes is about $10.50 and an 8th grade science education. The Vulnerability Assessment Team at Argonne National Laboratory, a lab run through the Department of Energy, was able to demonstrate three simple “man in the middle attacks” on touchscreen Direct Recording Electronic (DRE) voting systems, like Diebold voting machines and Sequoia Voting Systems.

Watch the hacking demonstration:


In this hack, the voter still casts their vote and approves it as correct, but the information is intercepted by the hacker through the device they installed, which Salon notes didn’t require any special soldering. In terms of getting inside the machine to place the device, it’s as easy as “picking the rudimentary lock,” according to Salon.

As the researchers say, voting officials should shift their focus from just cyber attacks to those that are a bit more straightforward. Salon continues:

Voting machine companies and election officials have long sought to protect source code and the memory cards that store ballot programming and election results for each machine as a way to guard against potential outside manipulation of election results. But critics like California Secretary of State Debra Bowen have pointed out that attempts at “security by obscurity” largely ignore the most immediate threat, which comes from election insiders who have regular access to the e-voting systems, as well as those who may gain physical access to machines that were not designed with security safeguards in mind.

“This is a fundamentally very powerful attack and we believe that voting officials should become aware of this and stop focusing strictly on cyber [attacks],” says Vulnerability Assessment Team member John Warner. “There’s a very large physical protection component of the voting machine that needs to be addressed.”

CNET reports on the potential for safeguarding these machines:

While it would be relatively easy to make this type of attack more difficult to do by making modifications to the voting machine, stopping the attack cold would require more effort and a “careful examination of the security protocols used,” he said.

Johnston and his team did the research on their own time, as “a kind of Saturday afternoon project,” he said. “There’s not a lot of funding out there to study voting machine problems.”

Salon reports that Sean Flaherty, a policy analyst for VerifiedVoting.org as saying that about a third of voters will use a machine similar to the ones Argonne tested.

ZDNet notes controversy over the potential hackability for these types of voting machines a few years ago and the conflict of interest that arose during the George W. Bush administration since Diebold had been one of Bush’s top fundraisers. ZDNet continues with the fact that Diebold changed its name to Premier Election Solutions, which is now owned by Election Systems & Software. In 2008, CNET reported some states reverting back to paper voting systems due to hacking concerns.

[H/T Capitol Fax]

No comments:

Post a Comment