Slashdot Mirror
Researchers Demo Hardware Attacks Against India's E-Voting Machines
An anonymous reader writes "India, the world's largest democracy, votes entirely on government-made electronic voting machines that authorities claim are 'tamperproof,' 'infallible,' and 'perfect,' but last week security researchers proved that they can be manipulated to steal elections. A team led by Hari Prasad, Professor J. Alex Halderman, and Rop Gonggrijp released an awesome video that shows off hardware hacks they built. These machines are much simpler than e-voting designs used in the US, but as the research paper explains, this makes attacking the hardware even easier. Halderman's students at the University of Michigan took only about a week to build a replacement display board that lies about the vote totals, and the team also built a pocket-sized device that clips onto the memory chips, with the machine powered on, and rewrites the votes. Clippy says, 'It looks like you're trying to rig an election ...'"
...would register a one-issue party against the use of insecure voting machines. Then win the election. Then fix the problem.
Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
Any security professional, IT or otherwise, who ever says "impossible to break" in any of its forms, should be directly fired.
No discussion. No explanations. You blabber idiocies about your supposed area of expertise, you're fired.
Or even poker machines. Every machine runs from a PROM. Authorities keep a table of validated PROM image checksums. Operators of the machines have to let inspectors validate the checksums on demand, and if it doesn't match then your gaming license gets revoked and the place closes down.
Now thats no too hard, is it? Validate a small number of images, then make damn sure they don't get changed. Encourage simple, embedded systems as opposed to big operating systems with 30 million lines of code.
http://michaelsmith.id.au
We are more sophisticated. http://en.wikipedia.org/wiki/Booth_capturing
Perfectly illustrated in http://xkcd.com/538/
Folks,
It is important to put the size of elections in India in perspective and how they operate to understand any meaningful amount of fraud or corruption possible.
The EVMs in question are extremely simple. They only have a breakout panel with 32 buttons (expandable upto 64 buttons with an addon breakout button panel). The machine only ever knows the number of enabled buttons. The names and party symbols are affixed as paper "stickers" on the buttons.
---------------------
[B] S First Last Name
---------------------
[B] S First Last Name
------...
The order and placement of stickers on the buttons changes from constituency to constituency. The machines are sealed/unsealed in presence of at least 3 officials, though in practice, it's no less than a dozen or more, as it's a public affair and often media is present.
Some numbers (courtesy http://www.indian-elections.com/facts-figures.html):
Number of EVMs used: 1.023 million
Max candidates per EVM: 64
Max candidates in election from one constituency: 35
Total number of candidates: 5398 (India is a multi-party democracy)
Number of parties: 220
Number of registered voters: 675 million
Cost of '09 elections: Approx $2 billion
Any 'fraud' analysis needs to take the process and numbers into account. EVMs in India solve a LOT of problems with regard to elections and drastically cut down on time, effort and cost involved. There are a number of places where several miles of journey on the back of mule is needed to reach the polling booths. It's much easier to conduct an electronic poll there rather than carrying several large ballot boxes that could be snatched.
- mritunjai