Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Firm Shows How To Hack a US Voting Machine (bleepingcomputer.com)

Posted by EditorDavid on from the hypothetically dept.

An anonymous reader writes: "Three days before the US Presidential Election takes place, California-based security firm Cylance showed the world how easy it is to hack one of the many [electronic] voting machine models that will be deployed at voting stations across the US on Election Day." Bleeping Computer reports that "The machine that Cylance researchers chose for their test was the Sequoia AVC Edge Mk1, one of the most popular models... The technique researchers created modifies the Public Counter, but also the Protective Counter, which is a backup mechanism that acts as a redundant verification system to ensure the first vote results are valid." Physical access is needed to hack the machine, but the hack takes a short time to perform.
FBI Director James Comey said in September that America's voting machines would be hard to compromise because they're not connect to the internet, but these researchers simply used a PCMCIA card to reflash the machine's firmware. Comey also made the reassuring point that it's hard to "hack into" America's voting system because "it's so clunky and dispersed. It's Mary and Fred putting a machine under the basketball hoop at the gym."

11 of 209 comments (clear)

  1. Re:Best solution I ever heard by Joe_Dragon · · Score: 3, Insightful

    and your boss can force you to vote their way with that as well.

  2. Re:physical access to machine? by Anonymous Coward · · Score: 2, Insightful

    How do bad actors accomplish that on a large scale?

    For example, there are Democratic Party's employees in every single town in the US, they are very well funded and organized, and even an 80 year old drunkard can simply insert and remove a pre-configured PCMCIA card, there's no need for "hackers"...

  3. Re:Best solution I ever heard by CajunArson · · Score: 3, Insightful

    Scantron is fine since it combines a simple, reliable, non-networked and relatively hard to hack scanner at each polling location with easy to read paper ballots as a backup in case of mischief. That combines the basically instantaneous and accurate results of a machine with the

    The receipt of who you voted for is a disastrously bad idea though. First of all, there's no way that receipt could ever be used in a recount for obvious chain-of-custody reasons so it doesn't reduce fraud at all. Second of all, it makes it so that a black voter in Philly better show that he voted for Hillary or else -- or that a white voter in rural Alabama better show he voted for Trump or else. Nobody (ok, nobody with any integrity) wants that.

    --
    AntiFA: An abbreviation for Anti First Amendment.
  4. Re:Best solution I ever heard by Anonymous Coward · · Score: 4, Insightful

    *Sigh* - the voting system shouldn't have a receipt you can use to prove who you voted for. This leads to (a) vote selling and (b) coercion. This is a simple basic requirement of the voting system. Please don't make recommendations until you learn the basics.

  5. Re:physical access to machine? by rmdingler · · Score: 3, Insightful

    For the most part, they'd need to be registered in each precinct. Registering with a fake address is one of the easier forms of voting fraud to detect.

    Yes. There is also little need to rig the precincts because the two-party system itself dominates the electoral landscape.

    Here are your "choices", voters! Aren't you grateful you live in a free Republic?

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  6. Re:physical access to machine? by ArchieBunker · · Score: 3, Insightful

    Break into the warehouse where the machines sit for 4 years...

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  7. Paper... by JasterBobaMereel · · Score: 5, Insightful

    The paper and pencil voting system with manual counting is even more unhackable, and easily verifiable whilst still being anonymous and immune to vote selling ad coercion ...and is used all over the world with no real issues ....

    --
    Puteulanus fenestra mortis
  8. Re:physical access to machine? by Geoffrey.landis · · Score: 3, Insightful

    How do bad actors accomplish that [physical access] on a large scale?

    Voting machines are stored when they are not in use, and in general, the places they are stored are not guarded by armed guards. (And, more to the point, are not guarded by pairs of armed guards.)

    To get physical access to the machines, you just need to get a key to the warehouse that they're kept in. Try the janitor.

    There are a large number of people associated with each voting precinct. You just need to insert one person. And you don't need to alter all the machines-- just a few.

    --
    http://www.geoffreylandis.com
  9. Secret ballot is important by Geoffrey.landis · · Score: 5, Insightful

    An abusive spouse is just one of thousands of scenarios of voting coercion.

    The U.S. adopted secret ballots for a reason: to make it harder to implement vote buying and coercion. Maybe you're thinking that in modern times when everybody is trustworthy and nobody had bad motives, we don't need this safeguard.
    But nevertheless, there is a reason for the secret ballot, and we shouldn't undermine it.

    --
    http://www.geoffreylandis.com
  10. Re:physical access to machine? by hey! · · Score: 4, Insightful

    Except the US government does not have custody of or access to the machines. The machines are owned, operated, and secured by local governments.

    Thus an effort to by the US government to hack the machines would entail clandestine physical access to the machines -- a "black bag job". And to throw the electoral college you need to do a lot of burglaries in a big state, or a lot of burglaries distributed across multiple small states. In 2000 it could have been done by hacking a single precinct (about 2500 voters in FL), but nobody could have known it would be quite that close; so you'd really need to hack a lot of machines to be sure, and if you're doing something like that you want to be very sure. It's a cost/benefit calculation: hack too little you risk getting caught and undermining a legitimate victory; hack too much and your risk of getting caught goes up rapidly as more people and places are involved. Nobody could know in 2000 that the margin would come down to 537 out of eight million registered voters.

    And in 2016 the risk/benefit math is dominated by this fact: if you add up all the safe states for each candidate, Clinton has to win just 18 EVs from the remaining contended states; Trump needs to win 107. If Clinton wins just one of the five largest contested states she wins the electoral college; this amounts to five rounds of single elimination for Trump. On top of this there is a massive disparity in ground game. Trump only started to organize get-out-the-vote (GOTV) infrastructure in the final weeks of the campaign, making it difficult for him to score upsets over polling. Clinton has been preparing her ground game for years.

    So it makes no sense for Clinton (supposing she had friends in the FBI or CIA to help her) to risk undermining the legitimacy of an election she is very, very probably going to win.

    All that said, voting machines DO pose a serious threat to the legitimacy of local elections. Also, voting machine malfunctions could well throw the presidential election one way or the other.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  11. Re:Bullshit defense by jez9999 · · Score: 3, Insightful

    Comey is the guy who's come out and said Hillary Clinton is basically innocent of any criminal wrongdoing. You'll forgive me if I don't have too much faith in his opinion.

    --
    == Jez ==
    Do you miss Firefox? Try Pale Moon.