Slashdot Mirror

← Back to Stories (view on slashdot.org)

Brazilian Breaks Secrecy of Brazil's E-Voting Machines With Van Eck Phreaking

Posted by timothy on from the old-ways-are-best dept.

After the report last week that Brazil's e-voting machines had withstood the scrutiny of a team of invited hackers, reader ateu writes with news that a hacker has shown that the Linux-based voting machines aren't perfectly safe; he was able to eavesdrop on them (translated from Portuguese) by means of Van Eck phreaking.

37 of 157 comments (clear)

  1. Honestly by pieisgood · · Score: 2, Insightful

    What options do you have to protect your self from Van eck phreaking? Lead casing? Foil voting boxes? Honest replies welcome.

    --
    Eat sleep die
    1. Re:Honestly by Anonymous Coward · · Score: 5, Funny

      It's simple. just throw out the person with the radar dish, oscilliscope, and notepad.

    2. Re:Honestly by robbak · · Score: 4, Interesting

      Several ideas. Of course, use LCDs, as the CRT circuitry is the bad one. Shield the data connections so they don't radiate too much. Make the connections that transmit unencrypted data short. Use low-contrast fonts, so the sharp edges do not cause large voltage (and therefore EMI) spikes. Randomise the low bits of data shown on the screen, so you create obfuscating noise.

      Maybe you have to go as far as have a white noise transmitter to mask what you cannot elimiate. Plenty of room to move. Good on them for having such a contest - it flushed out all the 'Ooh, I didn't think of that' problems.

      --
      Prediction for end of Universe #42: Fencepost error in Quantum_bogosort.cpp
    3. Re:Honestly by Opportunist · · Score: 4, Insightful

      Easy. Take the machine, hollow them out, put a board in and use their shell as a guard from prying eyes for pen&paper voting. The manufacturers of the machines get the money and we get secure and anonymous voting.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:Honestly by mrmeval · · Score: 2, Informative

      Not much really. While it is possible to effectively protect a device from such snooping it is very expensive due to the testing and handling requirements. I don't see it on the link but I think there is a commercial Tempest standard.

      http://www.eskimo.com/~joelm/tempestintro.html

      The page has good info and you can try the anti-Tempest fonts for a grin. It's based on the paper also referenced on that page.

      --
      I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
    5. Re:Honestly by biryokumaru · · Score: 3, Informative

      Of course, use LCDs, as the CRT circuitry is the bad one.

      Wikipedia would disagree with an annoying PDF.

      --
      When you're afraid to download music illegally in your own home, then the terrorists have won!
    6. Re:Honestly by Nimey · · Score: 4, Insightful

      Low-contrast fonts are probably right out, since you don't want to disenfranchise old folks and others with vision problems.

      --
      Hail Eris, full of mischief...

      E pluribus sanguinem
    7. Re:Honestly by Jafafa+Hots · · Score: 3, Insightful

      Exactly. It's pretty safe. This shows that a random citizen is unlikely to give an election to Mickey Mouse on a whim.

      Instead it would take someone with significant knowledge and even serious funding to sway an election. Probably not just a someone, but even an organization.

      So the only way this could ever effect elections would be if there were an organization or group of conspiring individuals with significant monetary resources - AND for that group of people to feel that swaying an election would be in their interest - AND for that group of people to then be so immoral as to decide to do so.

      Clearly such a confluence of conditions is so wildly improbable that we can effectively rule out its possibility.

      --
      This space available.
    8. Re:Honestly by icebike · · Score: 4, Informative

      Exactly so.

      The equipment to carry out this snooping is easily spotted, and more easily foiled.

      With more than one voting station in the room, said eaves dropper could never distinguish one vote from the other, and could certainly not CHANGE the results.

      You would be better able to guess how persons voted by the color of their tie. http://www.tie-necktie-video.com/tie-color.html

      --
      Sig Battery depleted. Reverting to safe mode.
    9. Re:Honestly by mspohr · · Score: 2, Insightful
      You could also view votes with a video camera in the ceiling and it would also give you a picture of the top of the person's head to help with identification. This would also work to reveal paper ballots as well as electronic machines. Think of the children! You could also ask people how they voted when they left the polling place and most people would just tell you! Some would lie but only because you were ugly. In other news, most people don't vote; those who do vote are uninformed; and the only votes that really count is the money that comes from corporations. I know it's Sunday but it's raining here and I don't have anything better to do than read this drivel.

      (Note to moderators... I'm going for funny here but feel free to mark as 'stupid'.)

      --
      I don't read your sig. Why are you reading mine?
    10. Re:Honestly by sjames · · Score: 2, Informative

      Good pictures. It looks like a newer version could be made to limit the emissions quite nicely. It might also be possible to retrofit the existing machines with shielding including a false front to extend the keypad buttons (but not the switches) through the shield.

      At the busiest polling places it probably wouldn't be as much problem as many people would be using many identical machines at once. It would be hard to know who did what.

      A tone generator connected to a transmitter might be able to simply jam the signals as well saving a redesign.

  2. Whew, that was a close one... by robwgibbons · · Score: 4, Insightful

    "Listening in" and actually breaking the security of the machine are two entirely different things. What's the most someone could do with this exploit? Basically it just allows for a more accurate exit-poll. As far as I see it, the machine's security has still yet to be bested.

    1. Re:Whew, that was a close one... by Animaether · · Score: 4, Insightful

      What's the most someone could do with this exploit? Basically it just allows for a more accurate exit-poll.

      Basically.. all of the reasons you want voting to be done anonymously apply here.

      If you can couple the emissions at the location of the machine with the emissions from a particular user - say, their mobile phone's signature - then you can go back to forcing people to vote for X and make sure that they do, roughing them up as an example to the others you told to vote for X if you detected a vote for Y instead, without a need to plant something on them or leaving any trace.

      In theory, anyway.

    2. Re:Whew, that was a close one... by Vellmont · · Score: 2, Insightful


      What's the most someone could do with this exploit?

      Uhh.. find out who someone voted for? All you need is two people, one in the polling place and someone else with one of these devices. If I really have to try to convince you of the value of secret votes, I give up.

      --
      AccountKiller
    3. Re:Whew, that was a close one... by coppro · · Score: 2, Insightful

      The issue is one of anonymity. Someone could (comparatively) easily phreak a machine when a specific person walks into the polling booth so that they could determine that person's vote. The integrity of the results is not compromised, however; there is no threat of vote-stuffing or fraud.

    4. Re:Whew, that was a close one... by synthespian · · Score: 2, Interesting

      What's the most someone could do with this exploit?

      A little context is needed in order to further explore this point. Brazil is a huge country, of continental dimensions. Voting is a mandatory civic duty (except for older citizens). In the remote and impoverished areas, intimidating voters or buying votes was a common, widespread practice, constituting what is termed an "electoral corral", that helped maintain veritable "political dynasties" in these areas for decades. One of the selling points of electronic voting was being tamper-proof, reducing the probability of fraud. There are myriad ways to make the political scale tip to the wrong side, the side that represents not what the people want, but what the-powers-that-be command...Remember the "pregnant chads" issue in Florida?

      It's easy to imagine setting up electronic gadgets in these very remote, impoverished and forsaken little towns in Brazil, in order to verify that the voter indeed kept his/her word when he "sold" his/her vote or to enhance intimidation or voter harassment, all under the unknowing eyes of the Electoral Justice officer (in Brazil, there's a branch of the Judiciary specifically to take care of electoral issues, such as enforcing legislation, etc.).

      Besides, one of the pillars of democracies is having the right to vote and this right must be protected from prying eyes of the State (and by extension, the ruling political party), lest the voting process becomes thwarted and non-representative of the will of the people, as well as to avoid political persecution of those who dared to vote for an opposing party. This is so in any country that has a serious voting process and now, you, noble tech nerd and Slashdot reader, knows why this is so.

      --
      Main difference between the BSD license and the GPL license: one is from California and the other is from Massachusetts
  3. Physical Security by tetsukaze · · Score: 4, Interesting

    So the cheap devices he used only worked inches away. A more powerful device might work up to 20 meters away. Now, I assume a more powerful antennae is going to mean a bigger one. Isn't this going to stand out? I would hope that there is someone in charge that would notice a foot long antennae being pointed at voting areas. You can secure the machine itself, but if you don't have real people doing their part, it doesn't matter how secure your voting machine is.

    1. Re:Physical Security by Sarten-X · · Score: 3, Insightful

      If an attacker were able to access the voting location enough to install an unnoticeable antenna, I'd be more concerned with small cameras. Even a large antenna in a nearby building would require somebody watching to see who was using which voting machine, in order to pose any real threat.

      --
      You do not have a moral or legal right to do absolutely anything you want.
  4. E-paper by MDMurphy · · Score: 3, Interesting

    Besides all the shielding options, perhaps this is a good use for E-paper displays? The persistent nature of the display would minimize the constant refreshing. The slow screen response would be unlikely to be an issue with a ballot.

  5. This happened with the Dutch in 2006 by JoshuaZ · · Score: 4, Informative

    As discussed here in 2006, the Dutch had to modify their voting machines back in 2006 due to exactly this sort of attack. http://politics.slashdot.org/article.pl?sid=06/10/14/1641239

    1. Re:This happened with the Dutch in 2006 by RAMMS+EIN · · Score: 4, Interesting

      That's only part of the story.

      The voting machines were vulnerable to more than just eavesdropping, although eavesdropping was the official story from the government and also what most of the press was about.

      However, the voting machines have since been banned. The latest elections were held with paper and pencil. It's good that way.

      Now if people would only understand this ...

      --
      Please correct me if I got my facts wrong.
    2. Re:This happened with the Dutch in 2006 by pv2b · · Score: 2, Informative

      You seem to think that paper voting systems by neccessity depend on transporting all the ballots to a central location, where they'll be counted.

      This is how paper voting works in Sweden.

      To summarize and simplify:

      • On election night, the ballots are hand-counted by election officials at every polling station. Results are phoned in to the authorities and tallied, and made available to the general public. (Basically an entire database dump of vote tallies in every district is made available as an XML over the Internet. Pretty cool.)
      • Afterwards, ballot boxes are sealed and sent to the local county to be counted again.

      • It goes without saying that Sweden is not directly comparable to Brazil, but consider this for a moment. It doesn't require all ballots to be hand-delivered to a central location where they will be counted - it's scalable. And no less secure than electronic voting. Probably just as secure technically, and more secure in practice, because it's easier to see when funny stuff happens to ballots in boxes than when bits are flipped.

  6. Cryptonomicon by MichaelSmith · · Score: 2, Interesting

    What options do you have to protect your self from Van eck phreaking? Lead casing? Foil voting boxes?

    Honest replies welcome.

    Put rubbish on the screen and send all your actual output through the caps lock LED with xled.

    Not very useful outside in the real world, I know.

    --
    http://michaelsmith.id.au
  7. It could be big... by JazzyMusicMan · · Score: 2, Interesting

    If we could somehow reach a level where e-voting was secure, think of the possibilities. The people might actually be heard! Now whether you think that is a good thing or not, I leave as an exercise for the reader. But what I'm trying to say is, imagine voting from your home computer on issues that matter to you. No longer will your representatives be able to hand wave about what their constituency wants, heck, you might not even need representatives.

    1. Re:It could be big... by nietsch · · Score: 2, Interesting

      You just overlooked one small issue: voter turnout is already a problem in most democracies, as it is somewhat boring to vote for things your are not that interested in. If there were more elections, you would have to vote each week. Nobody is going to keep doing that, as most people do not see it as their job, and it is a process with very little positive feedback. So only the zealots and paid shills will remain, thus making your country run by big money and zealots with a nutty agenda. Not unlike the US is run now, actually.

      --
      This space is intentionally staring blankly at you
  8. No technology will prevent that by lwoggardner · · Score: 4, Insightful

    Not to say that secrecy isn't important, but once it requires a certain level of technology to eavesdrop then surely you just pick some random people and rough them up anyway telling the people you are intimidating that you have this "magic" eavesdropping technology.

  9. Re:Van Eck Phreacking will always exist by Frankie70 · · Score: 4, Insightful

    If your country really is free (something that Brazil is good at) there is no problem telling everybody who you voted on..
    Vote's anonymity only makes it easier to fake elections.

    Don't be silly.
    Secret ballot is one of the cornerstones of democracy.

    In a secret ballot, you don't get bribed to vote for a particular person because you can
    always say you voted for him while voting for him.
    Likewise, about getting pressured about voting for someone.

  10. As a person in the infosec field by seifried · · Score: 4, Insightful

    This is why I love the Canadian method: paper with circles, make an "X" in the circle you want, fold the paper and put it in the ballot box. Good luck hacking that on a large scale (what with scrutineers from multiple parties watching the election and the count and each other, plus the people there as independent scrutineers watching everyone else), and monitoring it (little cardboard voting booth on a table, voila, privacy. The only argument I could imagine is finger prints on the ballots, but you can wear gloves if you want.

    1. Re:As a person in the infosec field by bruno.fatia · · Score: 2, Interesting

      You should consider that Brazil has almost 6 times the canadian population (180 million for Brazil and 30 for Canada) and that these voting machines have decreased the time it takes to display results greatly. We have results with 90%+ machines accounted in less than 12 hours. So far this hack has been the most significant issue and it can be prevented now that the information is public.

  11. Dumb question... by EricX2 · · Score: 2, Insightful

    Why does the electronic voting machine have to be a touch screen? Why not a list of the options with buttons with an LED in them that light up when you press the button? The list could be on a separate display next to the buttons but nothing changes therefore the 'van eck phreaker' would only get the data on the screen, not the option picked... but I have no knowledge of this sort of stuff.

    Maybe some places do that, but where I live we do vote by mail.

    1. Re:Dumb question... by dlgeek · · Score: 2, Informative

      North Carolina used to use a system like that, a long time ago. (I remember my parents taking me with them when they voted, I got to help my mom submit her ballot, it must have been back in '96). However, the main draw of e-voting is accessibility: the ability to have high contrast and/or large size fonts, computer reading the ballot out loud, etc. This isn't possible with the equipment you describe.

    2. Re:Dumb question... by C0vardeAn0nim0 · · Score: 2, Informative

      because here in brasil we don't have voting districts, so in state and federal elections, a candidate from santos (a sea-side city in sao paulo state, some 80 km east of the state capital) can receive votes from people in ribeirão preto (a city 400 km west of the capital). this makes the candidate lists for federal and state deputies something in the thousands.

      our voting system uses numbers. each party is assigned a number (ex. PP=11, PDT=12, PT=13, etc.) and every candidate have a number prefixed with the party number (we don't have "independant" candidates. to run for anything you need to join a party). so when you go to the voting booth, you just type the candidate numbers, one candidate per screen. usually the screen order is:

      - president
      - governor
      - senator (one screen when only one seat is in dispute, 2 screens otherwise)
      - federal deputy
      - state deputy

      federal and state elections are held every four years and always coincide. municipal elections are held separatelly in between federal/state elections. the screen order is usually:

      - mayor
      - municipal legislator (vereador in portuguese).

      --
      What ? Me, worry ?
  12. Re:I'm still not even at this step yet by Onymous+Coward · · Score: 2, Interesting

    Among the others, enabling a non-FPTP system.

    If anyone isn't aware of how FPTP has hosed democracy, they should start here.

    The primary concern I recognize is that FPTP collapses your system into a two-party system and makes third parties non-viable. Just try voting for Nader or Kucinich.

  13. Re:Van Eck Phreacking will always exist by cpscotti · · Score: 2, Interesting

    There is no "REAL" anonymous vote since the sums of votes in a voting station is publicly available...
    You bribe half city; then check (on the publicly available channels) how many votes you got there... if you got less than expected... someone cheated and you "don't pay".

    If your idea is not to bribe a huge amount of persons we don't care.

    Bribe is another problem.. and can't really be solved by the voting machine itself.

  14. It's not a practical approach by SlappyBastard · · Score: 2, Interesting

    While in principle it is a good method for snooping a single monitor, it would take a ton of disentangling signals to read every monitor consistently at a polling place from any distance. It is not a practical way to screw with an election, considering that any party willing to snoop this aggressively is probably willing to do a lot more than just snoop.

    Frankly, it shows just how effective Brazil's security measures are that hackers have to go this deep into the playbook to get even one sort of result.

    --
    I scream. You scream. I assume that means we're both acquainted with the problem. We proceed.
  15. Re:Van Eck Phreacking will always exist by TheLink · · Score: 2, Interesting

    The people who think that secrecy matters so much are the ones living in a dream world.

    In many of those countries, the secrecy of your vote hardly matters anyway. After all, they've already done most of the voting for you.

    You might even get your hands chopped off for just daring to show up to vote.

    In places where you can have voter intimidation without the police stepping in (or the police being the culprits), secrecy of your vote is not much of a concern.

    And in some countries the voting system is so fast and efficient that everyone knows the results before they vote.

    That's the reality.

    As for nonintimidation cases - e.g. selling their votes, if someone wants to sell their vote for USD5, so what? Willing buyer, willing seller.

    A far bigger problem is gerrymandering. That's what makes buying and selling of votes and other tricks viable - if you can make 1000 votes count more than 100,000 votes, then it's cost effective to buy those 1000 voters. Make 1000 voters happy instead of the other 100,000 voters.

    Then there's the postal votes stuff. In many countries it's probably easier to just cheat via the postal votes.

    --
  16. Electronic voting in the largest democracy by devendra_l · · Score: 2, Informative

    Simple electronic voting machine that is successfully used by the largest democracy in the world :- http://en.wikipedia.org/wiki/Indian_voting_machines btw, these machines are used in all sorts of conditions. In some remote places with no electricity.