Security Experts Able To Hack Into Nearly Every E-Voting Machine
from the seems-a-bit-troublesome dept
Back in March, California decided that after years of negative publicity about the security of e-voting machines (and certainly enough evidence to suggest they weren't very secure) that it would allow independent security experts to try to hack into any machine before it got approval to be used in California elections. Those researchers have gone ahead and found that every machine they tested was hackable -- often very easily. The researchers were able to hack into Diebold, Sequoia and Hart InterCivic machines. They didn't get a chance to test ES&S machines because, as you may recall, ES&S stalled before handing over their source code (and included a nasty threatening letter with it). To be fair, these machines were tested in non-normal conditions, where the researchers had access to all sorts of documentation, the full source code and no election going on where people might spot them tampering with a machine. That is, this doesn't mean that it's necessarily easy to hack an election. It just means that all of the machines have some insecurities -- most of which we didn't know about before. The key here is that we can now understand these insecurities and whether or not they're adequately protected by other measures. What still doesn't make sense is why the e-voting firms are so against this process. All it's really doing is helping those companies improve their products to make them more secure. Of course, one key reason is that the researchers found that many of the security problems are because the machines weren't built with security in mind -- but only had it added as an afterthought. In other words, these companies probably should be redesigning their machines from scratch, which they don't want to do. Of course, does it worry anyone else that the machines weren't designed with security in mind in the first place?Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: california, e-voting, security
Companies: diebold, es&s, hart intercivic, sequoia
Reader Comments
Subscribe: RSS
View by: Time | Thread
first!!
[ link to this | view in chronology ]
Re: first!!
[ link to this | view in chronology ]
Re: Re: first!!
Try reading a book once in a while, for example "The Best Democracy Money Can Buy" by Greg Palast.
"More recently, they have been busy registering felons currently serving in prison, those who have forfeited their right to vote by their criminal activity"
My guess would be they're doing that to compensate for all the people the Republicans incorrectly prevented from voting
[ link to this | view in chronology ]
re: first!
[ link to this | view in chronology ]
That would have stopped all the fun
"It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything." - Joe Stalin
[ link to this | view in chronology ]
The real problem
[ link to this | view in chronology ]
Re: The real problem
Not really, it still serves its intended purpose; to give the people of sparsely populated states a voice.
But for that New York and California would pretty much decide everything, and Montanans might as well stay home on election day.
[ link to this | view in chronology ]
republicans dishonest
Republicans gang up and rape whole industries, like the savings and loan corporations, like Navy oil reserves, like strategic petroleum reserves, like insurance companies. Democrats don't say much because, well, there're just too many of 'em. We tried shooting them all and that didn't work, but it slowed them down in the 1860's & 1870's.
[ link to this | view in chronology ]
Re: republicans dishonest
As much as I would love to believe that the Bush's, not money, are the root of all evil, I think people will find your... accusations... a little tough to swallow without proof.
[ link to this | view in chronology ]
The moonbats are out tonight....
[ link to this | view in chronology ]
Can we get back on topic?
I use to work on the older lever-type voting machines and if you gave me the kind of access these researchers had I could rig them too. The sad truth is, elections have been rigged for as long as there have been elections so don't be afraid of new technology. Trust but verify...
[ link to this | view in chronology ]
What if we looked at cars this way?
What if the police department hired an outside firm to examine the next fleet of police cars they were going to purchase? The independant organization would find that none of the police cars are safe: They can go too fast, use explosive gasoline, don't provide adequate security measures to prevent a theft, are too heavy, may lose control when taking a corner too fast...
Now really, if you look at anything at all you can pick it apart and find something wrong with it. Is E-voting secure? I doubt it. Is hand-counting fool-proof? I doubt it. Is the world going to end? Yes, absolutely.
We wouldn't need some many stupid laws and security if people followed the 2 commandments from God: Love God, and Love your neighbor. That pretty much covers it all.
[ link to this | view in chronology ]
Re: What if we looked at cars this way?
all excellent reasons why police cars are not used for e-voting
[ link to this | view in chronology ]
It would be equaly effective (without the religion) if everyone followed the concept of Karma. Believe it or not, when you do something you know is wrong to someone else, it will come back on you in some form or another.
But at the same time, if you do something you know is right and go out of your way to do the right thing, that will come back on you in some form or another as well.
freak3dot
[ link to this | view in chronology ]
Re: freak3dot
Leaving the religion out of things is why the world is such a mess. America was created for religion of freedom. Things have now swung so far the other direction that we are now a country based on freedom from religion. Many people today are looking out for themselves. The idea of Karma comes from religion, although it may not be directly religiously based. It is just another example of people stripping religion from all that is good and trying to claim it for themselves (no offense. My comment is not directed at you who follow Karma, but rather the people who start such movements in the first place). Good and Bad happens to people regardless of what you do. I do not have a better life because I am a Christian. I am a Christian because God loves me no matter what I have done. If you were offended by something I said, please find a church and talk to someone. Dialog is a good thing.
[ link to this | view in chronology ]
Re: Re: freak3dot
Sounds like you're trying to say that religion itself isnt the problem but the people in interpret it are. That I can agree with seeing as how religion has been used to justify some of histories darkest moments.
I personally do not think I have the decent life I have because I am agnostic but I am agnostic because while firmly believe that there is a higher power running things in the universe I really don't care who/what she/he/it is.
And by the way:
The idea of Karma comes from religion, although it may not be directly religiously based. It is just another example of people stripping religion from all that is good and trying to claim it for themselves
I'm not sure what you are saying here.
[ link to this | view in chronology ]
Voting Machines
If what you said in this article is true, then it is indeed alarming because it means that no election would be reliable.
I expect the authorities will take steps to plug the security holes.
Ikey Benney
[ link to this | view in chronology ]
Any real world hacker worth their salt would do the same thing. As for tampering - well that all depends on where you are and who you know.
Of course, it won't matter, because it makes it so very easy for elections to be 'fixed' and dupe the public.
[ link to this | view in chronology ]
zero day
[ link to this | view in chronology ]
Quit the arguing...
The topic at hand here isn't who may be stealing elections from who but the fact that elections can be stolen with help from these e-voting machines with questionable security. Personally I'd say the best way to test these machines would be to hold a mock election in a real city. That way the test conditions are as real as possible and anyone trying to comprimise the machines will have to actually think about how to do it instead of being given the manuals and documentation.
[ link to this | view in chronology ]
Windows based...
[ link to this | view in chronology ]
However, mass tampering that can sway an election is generally done by the people running it, not someone randomly walking in on election day. A test where the hackers have total access is the right way to do it.
It is totally possible to design a system where a hacker cannot subvert it without alerting everyone. I doubt that is possible if these are all windows apps. It really requires specially designed hardware such that even the voters can easily tell if the machine has been tampered with.
[ link to this | view in chronology ]
...
As for these emachines. I am shocked, shocked, that the Republicans finally let people look inside the machines at all. Isn't it neat how for 5 years people wanted to look into those machines, ever since the 04 election people have been trying to get the machines open to check them out. to look at their "proprietary code." Yes, we collect the nation's votes (almost like a public service), for the reason to determined who our governmental leaders are for the entire nation.. you want to look at our code? NO! We are a private company, we don't care that our service affects every American, it's ours and go f'off government you can't look at it and check it. Yeah.. awesome companies.
[ link to this | view in chronology ]
Re: ...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Capitalism
I don't think it matters who is elected. What matters is making money. No matter who is in office if you want clean streets, low crime, a decent education for you kids, and justice you have to make enough money to live in an expensive neighborhood. It is bad but it is reality.
[ link to this | view in chronology ]
Security Through Obscurity
[ link to this | view in chronology ]
n.y.p.d.
[ link to this | view in chronology ]