There’s nothing you can do in software to really fix them.” “A lot of these electronic voting machines are software unfixable,” he says.
#Defcon vegas plus#
In the meantime, Hursti is advocating for a return to a smart paper-ballot and scan machine system, plus regular audits. That is a humungous amount of infrastructure.”įuture DEF CON Voting Machine Hacking Villages plan to tackle such larger election cybersecurity challenges, the organizers say.
#Defcon vegas registration#
The whole system is the election management system, the ballot originating system, the tallying system, the reporting system, the voter registration system, the e-poll books. That is the machine the voter sees,” Hursti says. “There has been a lot of interest in the voting machines, because that’s the customer-facing side. The machine cannot prove it’s been hacked.”Īnd while this year’s Hacking Village concentrated on voting’s front-end-the e-voting machines and e-poll registration systems used at polling places-there are other spots for hackers to attack. There’s no protective locks, there’s no forensic evidence gathering. “These machines have no capability of providing you any kind of evidence whether they were not hacked or hacked. “I said if you continue to use these machines, that will always remain true,” Hursti says. Hursti recalls an interaction he had with Ohio’s then-Secretary of State Jennifer Brunner, who he says assured him there was not a single incident of any e-voting machine ever being hacked. The untraceability of such hacks is nothing new. One disturbing aspect of a number of attacks was that a hacker might be able to cover their tracks. As Village co-organizer Matt Blaze, associate professor of computer and information science at the University of Pennsylvania, tweeted, “Overheard more than once (at the Hacking Village): 'Wait, it can't be that simple, can it?'”Īnother attendee added, “Default passwords, man. The restricted access that real-world hackers previously had to voting machines made the weekend something of an opening of the floodgates. So, realistically, the Hacking Village couldn’t have happened anytime before the Copyright Office’s DMCA e-voting machine exemption, Hursti says. And those few like Hursti who could access them had to ensure that the machines were not altered in any way that might affect their performance or void their warrantees. Prior to 2015, Hursti says, the DMCA restricted e-voting machine access to hackers. That rule established that hacks to e-voting and electronic vote counting and tabulating systems are allowable under the Digital Millennium Copyright Act-so long as those hacks are used for research purposes. One big difference between now and then is a key rule issued in October 2015, by the U.S. But it took him two weeks instead of the few hours it took hackers last weekend. “I hacked the same e-poll book system in 2007,” Hursti says. Both hacks, Hursti says, undermine critics who have claimed that computerized election system hacks are too elaborate and unrealistic to be used in real world settings. The Danish hacker, Hursti added, also had no prior knowledge about the e-voting system he hacked.
(This may be a conservative estimate, as the hacks discovered at the Village are now being verified and studied before they’ll be compiled and counted as legitimate new hacks.)
In total, the inaugural e-voting hackathon turned up at least 18 new vulnerabilities to e-voting and e-poll book systems. Soon after on the same morning, a second group in the room wirelessly hacked into a popular electronic poll book system, responsible for storing and maintaining voter registration information. And before the Hacking Village organizers were even finished with their opening morning introductory remarks, a Danish hacker in the audience had already broken into one of the target machines wirelessly. In it, conference attendees were given access to many of the most popular voting machines and voter registration tracking systems in use around the world today. Some of those hacks could potentially leave no trace, undercutting the assurances of election officials and voting machine companies who claim that virtually unhackable election systems are in place.ĭef C on, an annual computer hacking conference celebrating its 25th year, hosted its first Voting Machine Hacking Village this year. This conclusion emerged from a three-day-long hackathon at the Def Con security conference in Las Vegas last weekend. E-voting machines and voter registration systems used widely in the United States and other countries’ elections can readily be hacked-in some cases with less than two hours’ work.
0 kommentar(er)
