Security Firm Shows How To Hack a US Voting Machine

An anonymous reader writes: "Three days before the US Presidential Election takes place, California-based security firm Cylance showed the world how easy it is to hack one of the many [electronic] voting machine models that will be deployed at voting stations across the US on Election Day." Bleeping Computer reports that "The machine that Cylance researchers chose for their test was the Sequoia AVC Edge Mk1, one of the most popular models... The technique researchers created modifies the Public Counter, but also the Protective Counter, which is a backup mechanism that acts as a redundant verification system to ensure the first vote results are valid." Physical access is needed to hack the machine, but the hack takes a short time to perform.
FBI Director James Comey said in September that America's voting machines would be hard to compromise because they're not connect to the internet, but these researchers simply used a PCMCIA card to reflash the machine's firmware. Comey also made the reassuring point that it's hard to "hack into" America's voting system because "it's so clunky and dispersed. It's Mary and Fred putting a machine under the basketball hoop at the gym."

Re:physical access to machine?

[Zak3056]

They and a few hundred of their friends could register to vote?

Guaranteed physical access to at least one machine per person involved in the conspiracy. Flipping a few key precincts is all you need to have a high probability of changing a US presidential election outcome.

Re:Bullshit defense

[dywolf]

its not ignorant just because you don't understand the point being made.

theyre making the point that because we don't have a uniform centralized system controlled from the top down anyone who actually wants to attack the electoral process would have to expend a tremendous amount of resources to have any affect.

my county uses paper ballots, that go into a scantron type scanner permanently attached to a large pelican case. the scanner is non-networked. the next county over still uses punch cards (hopefully of a better quality than Florida's). in both cases the final tally is only accessibly by authorized personnel who must physically transcribe the number, with multiple person verification, onto a form that's reported to the sec state.

the clunky and dispersed nature of the system IS a form of security, rather than a lack of it.
an attacker might be able to exploit a flaw in the machines or even the people used by one county, but that's it. the attack can't proceed any further than that one county. to scale up requires an equal level scaling up in the size of the conspiracy and it simply becomes unworkable and unreasonable to actually pull off.

Re: physical access to machine?

Given the Wikileaks' revelations, if I had to guess which part vote rigging could ever come from, I would definitely opt for Clinton. If a person is financed by Goldman Sachs, Qatar and Saudi Arabia, surely ethics isn't really a big deal for her, not to mention that we've just discovered that the same person is allowed to illegally process classified information on a private computer, which used to be a federal crime until few months ago.
I would feel safer and more reassured if voting count was performed by Cosa Nostra, at least they have some sort of "honor" to preserve.