Hacker convention report reveals voting machine loop holes
DEF CON is world’s premier hackers convention. At this year’s event, organizers set up a ‘Voting Village’. Over the two-and-a-half day event, hackers were allowed to figure out ways to hack several voting machines. Many of them were successful with relative ease.
At the world’s premier hackers convention, hacking a voter system was as easy as ever, according to media reports.
A summary of the “Voting Village” event posted last week said hackers at Defcon “compromised every single machine over the 2.5-day event, many of them with trivial attacks that require no sophistication or special knowledge on the part of the attacker.”
“In most cases, vulnerabilities could be exploited under election conditions surreptitiously…an attack that could compromise an entire jurisdiction could be injected in any of multiple places,” according to a full version of the report.
Lock-picking a ballot machine used in previous U.S. elections at the DEF CON 27 Hacking Conference "Voting Village." (Alex Diaz/Fox News)
HOW TO PROTECT YOURSELF FROM RANSOMWARE USING WINDOWS 10
In many cases, physical ports were unprotected, passwords were either left unset or in their default configuration and security features went unused or in some cases, were disabled, the report added.
Attendees were given access to over 100 machines at the event, including direct-recording electronic voting machines, electronic poll books, Ballot Marking Devices, Optical scanners and hybrid systems.
One machine, based on an old PC hardware, had no BIOS password set on the machine. The BIOS (Basic Input Out System) controls the basic functions of a PC.
“Consequently, participants were able to boot an arbitrary operating system off a live CD… Ultimately, the device was used as an entertainment device, amusing visitors with Nyan Cat,” the full version of the report said.
On another system, a keyboard and Ethernet connection could be plugged in by simply removing the top of the machine’s case. The casing is secured by only by 3 screws and does not have any tamper-evident seals. “Immediate root access to the device was available simply by hitting the Windows key on the keyboard,” the report continued.
A piece of U.S. elections equipment is hacked at the DEF CON 27 Voting VIllage in Las Vegas to show an animated "nyan cat," among other things.
ELECTION MACHINE KEYS ARE ON THE INTERNET, HACKERS SAY
Another device, one that combines an optical paper ballot scanner and ballot marking device and allows for access by the blind and visually impaired, has a single locking mechanism for the entire ballot box. “If picked, ballots could easily be stolen using common items such as a standard trash picker,” the report stated.
Participants were able to access common computer ports on the device such as USB, RJ45, and CompactFlash slots on this machine “without using destructive force…[and] boot settings also allow for the system to be booted from an external USB on startup.”
The report recommended the use of paper ballots, as well as rigorous post-election audits.
Hackers have previously said that election machine keys are available on the internet. On the flip side, federal officials have also sought out so-called "white hat" hackers to help protect U.S. national security and infrastructure.
Get a daily look at what’s developing in science and technology throughout the world.