Slashdot Mirror

← Back to Stories (view on slashdot.org)

Brazilian Breaks Secrecy of Brazil's E-Voting Machines With Van Eck Phreaking

Posted by timothy on from the old-ways-are-best dept.

After the report last week that Brazil's e-voting machines had withstood the scrutiny of a team of invited hackers, reader ateu writes with news that a hacker has shown that the Linux-based voting machines aren't perfectly safe; he was able to eavesdrop on them (translated from Portuguese) by means of Van Eck phreaking.

16 of 157 comments (clear)

  1. Honestly by pieisgood · · Score: 2, Insightful

    What options do you have to protect your self from Van eck phreaking? Lead casing? Foil voting boxes? Honest replies welcome.

    --
    Eat sleep die
    1. Re:Honestly by Opportunist · · Score: 4, Insightful

      Easy. Take the machine, hollow them out, put a board in and use their shell as a guard from prying eyes for pen&paper voting. The manufacturers of the machines get the money and we get secure and anonymous voting.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    2. Re:Honestly by Nimey · · Score: 4, Insightful

      Low-contrast fonts are probably right out, since you don't want to disenfranchise old folks and others with vision problems.

      --
      Hail Eris, full of mischief...

      E pluribus sanguinem
    3. Re:Honestly by Jafafa+Hots · · Score: 3, Insightful

      Exactly. It's pretty safe. This shows that a random citizen is unlikely to give an election to Mickey Mouse on a whim.

      Instead it would take someone with significant knowledge and even serious funding to sway an election. Probably not just a someone, but even an organization.

      So the only way this could ever effect elections would be if there were an organization or group of conspiring individuals with significant monetary resources - AND for that group of people to feel that swaying an election would be in their interest - AND for that group of people to then be so immoral as to decide to do so.

      Clearly such a confluence of conditions is so wildly improbable that we can effectively rule out its possibility.

      --
      This space available.
    4. Re:Honestly by mspohr · · Score: 2, Insightful
      You could also view votes with a video camera in the ceiling and it would also give you a picture of the top of the person's head to help with identification. This would also work to reveal paper ballots as well as electronic machines. Think of the children! You could also ask people how they voted when they left the polling place and most people would just tell you! Some would lie but only because you were ugly. In other news, most people don't vote; those who do vote are uninformed; and the only votes that really count is the money that comes from corporations. I know it's Sunday but it's raining here and I don't have anything better to do than read this drivel.

      (Note to moderators... I'm going for funny here but feel free to mark as 'stupid'.)

      --
      I don't read your sig. Why are you reading mine?
  2. Whew, that was a close one... by robwgibbons · · Score: 4, Insightful

    "Listening in" and actually breaking the security of the machine are two entirely different things. What's the most someone could do with this exploit? Basically it just allows for a more accurate exit-poll. As far as I see it, the machine's security has still yet to be bested.

    1. Re:Whew, that was a close one... by Animaether · · Score: 4, Insightful

      What's the most someone could do with this exploit? Basically it just allows for a more accurate exit-poll.

      Basically.. all of the reasons you want voting to be done anonymously apply here.

      If you can couple the emissions at the location of the machine with the emissions from a particular user - say, their mobile phone's signature - then you can go back to forcing people to vote for X and make sure that they do, roughing them up as an example to the others you told to vote for X if you detected a vote for Y instead, without a need to plant something on them or leaving any trace.

      In theory, anyway.

    2. Re:Whew, that was a close one... by Vellmont · · Score: 2, Insightful


      What's the most someone could do with this exploit?

      Uhh.. find out who someone voted for? All you need is two people, one in the polling place and someone else with one of these devices. If I really have to try to convince you of the value of secret votes, I give up.

      --
      AccountKiller
    3. Re:Whew, that was a close one... by Anonymous Coward · · Score: 1, Insightful

      exactly, this is hardly news and besides shouldn't they point out that ALL e-voting machines are subject to this very same exploit? (unless they have proven they cannot be of course!)

    4. Re:Whew, that was a close one... by coppro · · Score: 2, Insightful

      The issue is one of anonymity. Someone could (comparatively) easily phreak a machine when a specific person walks into the polling booth so that they could determine that person's vote. The integrity of the results is not compromised, however; there is no threat of vote-stuffing or fraud.

    5. Re:Whew, that was a close one... by Anonymous Coward · · Score: 1, Insightful

      1 - The machines have batteries.

      2 - In Brazil, voting is mandatory, so no one is going home just because of the line. There is almost always a huge line.

      Not saying that there is no scenario to disrupt the election. But not these two.

      And also, to do something like you say, one would need to "listen" to many machines and to disrupt several that are not in your favour. It would be pretty difficult to hide.

      I guess the most "promising" way of tampering with the elections would be trying to mess with the final counting - when they total all the polling stations.

  3. Re:Physical Security by Sarten-X · · Score: 3, Insightful

    If an attacker were able to access the voting location enough to install an unnoticeable antenna, I'd be more concerned with small cameras. Even a large antenna in a nearby building would require somebody watching to see who was using which voting machine, in order to pose any real threat.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  4. No technology will prevent that by lwoggardner · · Score: 4, Insightful

    Not to say that secrecy isn't important, but once it requires a certain level of technology to eavesdrop then surely you just pick some random people and rough them up anyway telling the people you are intimidating that you have this "magic" eavesdropping technology.

  5. Re:Van Eck Phreacking will always exist by Frankie70 · · Score: 4, Insightful

    If your country really is free (something that Brazil is good at) there is no problem telling everybody who you voted on..
    Vote's anonymity only makes it easier to fake elections.

    Don't be silly.
    Secret ballot is one of the cornerstones of democracy.

    In a secret ballot, you don't get bribed to vote for a particular person because you can
    always say you voted for him while voting for him.
    Likewise, about getting pressured about voting for someone.

  6. As a person in the infosec field by seifried · · Score: 4, Insightful

    This is why I love the Canadian method: paper with circles, make an "X" in the circle you want, fold the paper and put it in the ballot box. Good luck hacking that on a large scale (what with scrutineers from multiple parties watching the election and the count and each other, plus the people there as independent scrutineers watching everyone else), and monitoring it (little cardboard voting booth on a table, voila, privacy. The only argument I could imagine is finger prints on the ballots, but you can wear gloves if you want.

  7. Dumb question... by EricX2 · · Score: 2, Insightful

    Why does the electronic voting machine have to be a touch screen? Why not a list of the options with buttons with an LED in them that light up when you press the button? The list could be on a separate display next to the buttons but nothing changes therefore the 'van eck phreaker' would only get the data on the screen, not the option picked... but I have no knowledge of this sort of stuff.

    Maybe some places do that, but where I live we do vote by mail.