US Voting Machines Cracked In 90 Minutes At DEFCON

An anonymous reader quotes The Hill: Hackers at at a competition in Las Vegas were able to successfully breach the software of U.S. voting machines in just 90 minutes on Friday, illuminating glaring security deficiencies in America's election infrastructure. Tech minds at the annual "DEF CON" in Las Vegas were given physical voting machines and remote access, with the instructions of gaining access to the software. According to a Register report, within minutes, hackers exposed glaring physical and software vulnerabilities across multiple U.S. voting machine companies' products. Some devices were found to have physical ports that could be used to attach devices containing malicious software. Others had insecure Wi-Fi connections, or were running outdated software with security vulnerabilities like Windows XP.
Though some of the machines were out of date, they were all from "major U.S. voting machine companies" like Diebold Nixorf, Sequoia Voting Systems, and WinVote -- and were purchased on eBay or at government auctions. One of the machines apparently still had voter registration data stored in plain text in an SQLite database from a 2008 election, according to event's official Twitter feed.

By Saturday night they were tweeting video of a WinVote machine playing Rick Astley's "Never Gonna Give You Up."

Re:Not being used any more

18 states are 100% paper ballots.

Hard to hack the results in Michigan when its pen and paper.

Re:Not being used any more

Actually, during the brief recount effort in Michigan before it was shut down, roughly 60% of the ballot boxes opened did not contain the number of ballots they were supposed to. Some were off by pretty significant percentages; I know that one box that according to the ledger should have contained over 350 votes actually contained less than 50. We didn't get even close to opening all of them.

It may not have been a "hack", but SOMETHING definitely happened....

Re:Not being used any more

[dbIII]

Maybe, but it's kind of a big deal if they have ever been used live in an election and are found to be this substandard. It's worth looking at the process involved to purchase the things in the first place to see if there were any shortcuts or criminal activity (eg. kickbacks) in the process to avoid the same mistake happening again.
Also a lot of smug bastards like me get to say "I told you so". Diebold especially were up to a few things that looked very suspicious, including having a convicted fraudster in charge of the project.

Same pattern everywhere

[Archtech]

The root problem with voting systems is that, fundamentally, they can only be as reliable as the people who operate them. If those people really honestly want to conduct fair, unbiased, honest elections then, on the whole, that is what will ensue. There may be glitches and little pockets of unfairness, but if the people who vote AND the people who run the system all want an honest result, they will get one.

The trouble arises when a critical fraction of those involved in running an election do not want an honest outcome. Frankly, there are so many ways of cheating that it would be tedious to list them. Just imagine what a highly-trained, experienced security specialist would make of any democratic voting system. They are so full of holes that there are more holes than solid material.

Sure, voting machines can be hacked. But if you run a system without any machine more complicated than a pencil, there are still ample opportunities for massive cheating. Anyone familiar with the history of elections could write down dozens of examples. As one of the most often-quoted remarks on the subject tells us, it's not who votes that counts - it's who counts the votes. (And who look after the actual ballots in the long watches of the night, and who has control of the totals once they have been written down).

The situation is just the same as with the US Constitution. Admirable in principle, well-intentioned, and carefully designed to preserve freedoms. But... no piece of paper, in and of itself, can stop people doing bad things. That's obvious. So the missing piece of the puzzle must be that the people who rule choose to act in accordance with the piece of paper. For years now, they haven't.

In a country where the Supreme Court can solemnly declare that bribery is free speech, and that corporations are people, no statement or declaration of principle is safe. Powerful people can simply "interpret" it to mean something entirely different.