Slashdot Mirror
Security Firm Shows How To Hack a US Voting Machine (bleepingcomputer.com)
An anonymous reader writes: "Three days before the US Presidential Election takes place, California-based security firm Cylance showed the world how easy it is to hack one of the many [electronic] voting machine models that will be deployed at voting stations across the US on Election Day." Bleeping Computer reports that "The machine that Cylance researchers chose for their test was the Sequoia AVC Edge Mk1, one of the most popular models... The technique researchers created modifies the Public Counter, but also the Protective Counter, which is a backup mechanism that acts as a redundant verification system to ensure the first vote results are valid." Physical access is needed to hack the machine, but the hack takes a short time to perform.
FBI Director James Comey said in September that America's voting machines would be hard to compromise because they're not connect to the internet, but these researchers simply used a PCMCIA card to reflash the machine's firmware. Comey also made the reassuring point that it's hard to "hack into" America's voting system because "it's so clunky and dispersed. It's Mary and Fred putting a machine under the basketball hoop at the gym."
FBI Director James Comey said in September that America's voting machines would be hard to compromise because they're not connect to the internet, but these researchers simply used a PCMCIA card to reflash the machine's firmware. Comey also made the reassuring point that it's hard to "hack into" America's voting system because "it's so clunky and dispersed. It's Mary and Fred putting a machine under the basketball hoop at the gym."
Comey also tried to get encryption backdoored. He was behind the attempt to get Apple to backdoor their phones.
https://www.theguardian.com/technology/2016/feb/25/fbi-director-james-comey-apple-encryption-case-legal-precedent
You don't need to hack lots of voting machines to rig an election, you only need to hack the RIGHT voting machines. The ones in key districts of key states. And don't kid yourself that paper makes it safer, it doesn't.
Because the people counting the vote are also a risk, that is why vote counting is done in public in front of the candidates representatives. In Putin's last but one election, he nearly lost, there was a massive swing at the end. Districts that had already reported locally reported different numbers at the aggregation, suddenly they were 96% turnout and 88% for Putin.
Exactly the same pattern was seen from the pro-Russian districts in the Ukraine elections, ridiculous turnout numbers, not supported by video of voters on the ground, and ridiculous pro-Yanukovych (a Putin puppet leader) margins in those regions. Impossible numbers not matching reality, polls, or actual observed turnout. Democracy requires double checking of everything at all times.
Now think for a second how many times people email passwords around, I bet there are passwords for US election officials emailed at some time, or sent via backdoored or inadequate encryption.
Comey needs to take elections more seriously.