Slashdot Mirror

← Back to Stories (view on slashdot.org)

Internet Voting Hack Alters PDF Ballots In Transmission

Posted by timothy on from the don't-let-the-nice-man-borrow-your-router dept.

msm1267 (2804139) writes Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to decision makers and voters that things still aren't where they should be. Researchers Daniel M. Zimmerman and Joseph R. Kiniry published a paper called 'Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering' that explains an attack against common home routers that would allow a hacker to intercept a PDF ballot and use another technique to modify a ballot before sending it along to an election authority. The attack relies on a hacker first replacing the embedded Linux firmware running on a home router. Once a hacker is able to sit in the traffic stream, they will be able to intercept a ballot in traffic and modify code strings representing votes and candidates within the PDF to change the submitted votes.

2 of 148 comments (clear)

  1. I could save money on my server costs by JohnnyDoesLinux · · Score: 3, Interesting

    I do PDF processing using a server class rack mount machine. Damn, if I could have known that I could have used a cheap off-the-shelf router to do this, I could have had a raise..

  2. Um, SSL? by Craig+Ringer · · Score: 3, Interesting

    Otherwise known as the "voting machine company was too stupid to implement SSL" attack?

    Or, for email, the "what idiot thinks email is secure without local S/MIME or PGP signatures" attack. Seriously, on-wire tampering is the least if your worries if you're *emailing* ballots around.