Slashdot Mirror


Internet Voting Hack Alters PDF Ballots In Transmission

msm1267 (2804139) writes Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to decision makers and voters that things still aren't where they should be. Researchers Daniel M. Zimmerman and Joseph R. Kiniry published a paper called 'Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering' that explains an attack against common home routers that would allow a hacker to intercept a PDF ballot and use another technique to modify a ballot before sending it along to an election authority. The attack relies on a hacker first replacing the embedded Linux firmware running on a home router. Once a hacker is able to sit in the traffic stream, they will be able to intercept a ballot in traffic and modify code strings representing votes and candidates within the PDF to change the submitted votes.


  1. Umm, encryption? by thebes · · Score: 2, Informative

    Why isn't that referenced? E2E encryption eliminates this, assuming the user is not an idiot.

    1. Re:Umm, encryption? by mlts · · Score: 2

      I might be wrong, but the last time I checked, the forms feature in Acrobat would allow the stuff in the PDF to be submitted via SSL. It didn't submit the PDF as a file... just the stuff in the forms.

    2. Re:Umm, encryption? by fustakrakich · · Score: 5, Funny

      Well, both do run at 2.4GHz, at least in my house... They have a clock, and they beep when they're finished. And the computer keeps my coffee warm. Is there really that much difference?

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Umm, encryption? by sunderland56 · · Score: 2

      Maybe you missed the story from Tuesday where ISPs can and do turn off the encryption for you?

      Plus, if you've replaced the router's firmware, it can make it *appear* as if you have e2e when you do not.

    4. Re:Umm, encryption? by DanielHenneberger · · Score: 2

      ISPs can't just turn off all encryption. They can only denial of service connections to downgrade encryption for services that offer it.

    5. Re: Umm, encryption? by Anonymous Coward · · Score: 2, Funny

      One has a cup holder

  2. Re:Pedantic by Bob_Who · · Score: 3, Insightful

    Clearly, this would never happen outside of an academic setting. Who would bother?

    Does it matter, who?

  3. ssh / scp / https maybe? by roman_mir · · Score: 2

    so how about not running an http server but instead using an https connection? Here, solved this one for you.

    1. Re:ssh / scp / https maybe? by Shakrai · · Score: 4, Insightful

      Snide answer: How about getting off your ass and actually going to the polling place to vote?

      More contemplative answer: How do you actually prove the person behind the keyboard is the registered voter in question, even if your system is totally secure from threats in transit? How do you prove they're not being unduly influenced, perhaps by an employer or other person with a financial sword to hold over their head? This can be precluded in the polling place with a secret ballot; it can not be prevented if people are voting via computer or absentee. (*)

      (*) Obviously allowances need to be made for people who are disabled or otherwise unable to make it to the polls, but I fail to see why an otherwise able bodied adult should regard a trip to the polling place as onerous.

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    2. Re:ssh / scp / https maybe? by Shakrai · · Score: 2

      Give me a single solid example - voter validation leaves a paper trail

      I worked elections for eight years in the State of New York. All we had to go on was your signature and address. The process in NYS goes like this:

      Me: What's your name?
      You: I'm Mr. Immerman.
      Me: *Flipping through poll book, finds you* What's your address Mr. Immerman? (many poll workers omit the address verification, but we are supposed to ask, and I always followed procedure)
      You: 123 Main St.
      Me: Sounds good, sign here please.

      In theory I can challenge you if the signature doesn't match what I have in the book but in reality we're not handwriting experts and such challenges were never made. Heck, even if I was a handwriting expert I wouldn't issue such a challenge; signatures change over time and the one in the poll book is from your original registration card and may be decades old. The only way I would catch you trying to cast a ballot under another name would be if the voter you were trying to impersonate was personally known to me.

      Why is an ID requirement regarded as so burdensome by Democrats? Most European countries have two factor authentication; they mail a registration card to your address, which you're required to bring, along with your photo ID. In this manner they verify both your address and your identity. Nobody is accusing the EU of being racist with such requirements. What's the problem with having something similar in the States?

      --
      I want peace on earth and goodwill toward man.
      We are the United States Government! We don't do that sort of thing.
    3. Re:ssh / scp / https maybe? by riverat1 · · Score: 2

      Out of the hundreds of millions of votes cast over the past 14 years they've found less than 30 cases of in-person voting fraud which is a fraud rate of less than 0.00001%. Voter ID is just a solution looking for a problem. Before Oregon switched to vote-by-mail I would go to the polling place, they'd find my name and address in the poll book, I'd sign the line next to it and get my ballot. Now with vote-by-mail I sign the outside of the envelope (which has an inner secrecy envelope so it can be separated without identifying my ballot) which is compared with the signature on file from my voter registration. That system has worked just fine for a century. Why make voting any more complicated than it has to be?

  4. Re:Open Vulnerability by fustakrakich · · Score: 4, Insightful

    No computer is suited for elections. They need constant verification, which they are not getting.

    And I sure do hear a lot of people saying, *I didn't vote for that!*, more than usual, but I don't expect anything to come of it. Everybody is just too conditioned to write off such talk as crazy.

    --
    “He’s not deformed, he’s just drunk!”
  5. I could save money on my server costs by JohnnyDoesLinux · · Score: 3, Interesting

    I do PDF processing using a server class rack mount machine. Damn, if I could have known that I could have used a cheap off-the-shelf router to do this, I could have had a raise..

  6. Re:Pedantic by ShanghaiBill · · Score: 4, Insightful

    Clearly, this would never happen outside of an academic setting. Who would bother?

    Does it matter, who?

    The outcome of elections is worth billions to vested interest groups. $4 billion was donated to candidates and PACs in the months preceding the election on November 4th. Many, many people would "bother".

  7. Paper? by xtal · · Score: 4, Insightful

    Seriously?

    What's wrong with paper?

    Lots of systems for automatically dealing with it. Unique and irrefutable record. Easy to recount. Don't like one machine? Design a better one to scan and count. People really pissed off? Count those SOBs one at a time in front of a crowd on a big-screen TV.

    Ballot boxes are easily placed out in the open; they're easily observed and tracked by as many people as would like to. The entire way through the process.

    Lots of very large, modern democracies just use paper. Including your neighbours up north. X marks the spot.

    Crazy.

    --
    ..don't panic
    1. Re:Paper? by xtal · · Score: 2

      ..or just use a piece of paper.

      --
      ..don't panic
    2. Re:Paper? by xtal · · Score: 2

      Do you know how this works?

      The box goes out in the open. Everyone can watch things go in.

      The count is done with several people. Observers can watch. That's how it's done in Canada. Really.

      The whole process, if fraud is a concern, can be watched end-to-end. There is no opportunity for "extra slips".

      Paper works and is AFAIK the hardest to game and has the most oversight. I question those who are so quick to get rid of it.

      --
      ..don't panic
  8. Man in the middle versus E2E by goombah99 · · Score: 2

    E2E encryption likely won't work. The router would set itself up as a proxy to allow a man in the middle attack. But you might be able to use encryption of the ballot itself, not its transmission layer, to avoid a problem. However this would be a pain in the ass since now the user has to somehow assign passwords and stuff.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  9. Re:Open Vulnerability by fustakrakich · · Score: 3, Insightful

    When you keep the divisions within the margin of error, it is very easy to push the results one way or the other without raising suspicion, and any possible evidence is very easy to hide, or destroy, as the case may be. But without that, it is not difficult to trace means and motive, and only one conclusion can be drawn. Why should I ever give the authorities the benefit of the doubt? Isn't 10,000 years of precedence enough?

    --
    “He’s not deformed, he’s just drunk!”
  10. Code execution privileges allow code execution! by ShadowRangerRIT · · Score: 4, Insightful

    How is this even noteworthy technologically? He's assuming he can modify the router firmware. "If I completely replace the software handling my data, I can change the data!" Seriously? That's the dumbest, most obvious thing possible.

    --
    $_ = "wftedskaebjgdpjgidbsmnjgcdwatb"; tr/a-z/oh, turtleneck Phrase Jar!/; print
    1. Re:Code execution privileges allow code execution! by duck_rifted · · Score: 2

      It's dumb and obvious to anybody who knows anything about tech. That is, nobody in politics. That is, nobody responsible for deciding whether to use these machines. When policy is drafted by people who just say whatever the highest bidder pays them to say, it helps to point out the obvious.

  11. Re:TLbhtlhblthttt. by blueg3 · · Score: 2

    2. covertly install functioning hacked firmware on the wireless routers of a significant percentage of the citizenry

    That's already been done in the real world. It looks like it was done on a budget that's trivial compared to the value of modifying votes.

  12. Um, SSL? by Craig+Ringer · · Score: 3, Interesting

    Otherwise known as the "voting machine company was too stupid to implement SSL" attack?

    Or, for email, the "what idiot thinks email is secure without local S/MIME or PGP signatures" attack. Seriously, on-wire tampering is the least of your worries if you're *emailing* ballots around.

  13. Voter suppression by rsilvergun · · Score: 2

    is what's wrong with paper. Long lines in poor neighborhoods. Broken machines. Polling places closing hours early when you know people can't take time off to vote.

    You'll never see voting day a national holiday because the powers that be don't want the lower caste voting. Progressives do though, and we're trying to come up with ways to combat voter suppression. From the progressive standpoint who cares if it gets hacked? The paper vote has already been hacked so to hell by voter suppression that things can't get any worse.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Voter suppression by Anonymous Coward · · Score: 2, Informative

      But you can solve that with paper, too. In fact my state does: I live in a 100% vote-by-mail state, so there's no lines and no worries about having election day off or time to vote. It's not a perfect solution, but it does solve those problems. Although you can also print off a ballot if you lose the one mailed to you, which is less secure (all you need is a name and birthdate). Also, voting not in a voting place means there's no controls to prevent coercion and ensure vote privacy.

  14. This is not about router security by misnohmer · · Score: 2

    If this can happen at home router level, think what can be done at the ISP. This is not an issue of router security, because your traffic can be intercepted with other techniques, this points to a much larger problem that electronic voting results can be changed in transit and they travel over open internet. Who can change packets in transit, let's see:
    * US government (NSA, FBI, or any other agency with full access)
    * Government sponsored hackers (Russia, China, etc...)
    * Your ISP (Comcast, Verizon, etc)
    * Backbone ISP (Level3, Sprint, MCI, etc)
    * Non government sponsored hackers (Anonymous,...)
    The traffic should be secured end-to-end - both authenticated and encrypted (the latter for privacy reasons).
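
Several comments above (goombah99, Craig Ringer, misnohmer) point at authenticating the ballot itself rather than trusting the transport. The following is an added example, not code from the thread or from the Galois paper: it seals the exact bytes of a ballot file with a per-voter key and shows that a same-length value change made in transit fails verification. The PDF fragment, field names, key and function names are constructed for illustration, and delivering the key out of band is an assumption.

```python
import hashlib
import hmac
import re

# Constructed sample: fragment of a filled PDF form (field name /T, value /V).
BALLOT_SENT = (
    b"%PDF-1.4\n"
    b"1 0 obj << /T (Governor) /V (Candidate A) >> endobj\n"
    b"2 0 obj << /T (Measure 1) /V (Yes) >> endobj\n"
    b"%%EOF\n"
)
# Constructed sample: the same file as received after an in-path device
# changed one value. The byte length is identical, so a size check passes.
BALLOT_RECEIVED = BALLOT_SENT.replace(b"(Candidate A)", b"(Candidate B)")

# Assumption: a per-voter secret delivered out of band (never sent via the router).
SAMPLE_KEY = b"constructed-per-voter-secret"

FIELD = re.compile(rb"/T \((.*?)\) /V \((.*?)\)")


def selections(pdf: bytes) -> dict:
    """Extract field-name -> value pairs from the sample's form objects."""
    return {t.decode(): v.decode() for t, v in FIELD.findall(pdf)}


def seal(pdf: bytes, key: bytes) -> str:
    """Voter side: HMAC-SHA256 tag over the exact bytes of the ballot file."""
    return hmac.new(key, pdf, hashlib.sha256).hexdigest()


def verify(pdf: bytes, tag: str, key: bytes) -> bool:
    """Receiving side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(seal(pdf, key), tag)


def changed_fields(sent: bytes, received: bytes) -> dict:
    """Report which selections differ: name -> (sent value, received value)."""
    a, b = selections(sent), selections(received)
    return {k: (a.get(k), b.get(k)) for k in a.keys() | b.keys() if a.get(k) != b.get(k)}


if __name__ == "__main__":
    tag = seal(BALLOT_SENT, SAMPLE_KEY)
    print("untouched ballot verifies:", verify(BALLOT_SENT, tag, SAMPLE_KEY))
    print("modified ballot verifies: ", verify(BALLOT_RECEIVED, tag, SAMPLE_KEY))
    print("changed fields:", changed_fields(BALLOT_SENT, BALLOT_RECEIVED))
```

A device in the path can rewrite the file and the tag, but cannot produce a matching tag without the key. A public-key signature (the S/MIME or PGP approach mentioned above) gives the same check without a shared secret; neither helps if the voter's own computer is compromised.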