How I hacked an electronic voting machine

Decrease Font Size Increase Font Size Text Size Print This Page

Roger Johnston is the head of the Vulnerability Assessment Team at Argonne National Laboratory. Not long ago, he and his colleagues launched security attacks on electronic voting machines to demonstrate the startling ease with which one can steal votes. Even more startling: Versions of those machines will appear in polling places all over America on Tuesday. The touchscreen Diebold Accuvote-TSX will be used by more than 26 million voters in 20 states; the push-button Sequoia AVC Voting Machine will be used by almost 9 million voters in four states, Harper’s magazine reported recently (subscription required). Here, Johnston reveals how he hacked the machines–and why anyone, from a high-school kid to an 80-year-old grandmother, could do the same.–Ed

A simple non-cyber attack on an electronic voting machine. / Vulnerability Assessment Team at Argonne National Lab

The Vulnerability Assessment Team at Argonne National Laboratory looks at a wide variety of security devices– locks, seals, tags, access control, biometrics, cargo security, nuclear safeguards–to try to find vulnerabilities and locate potential fixes. Unfortunately, there’s not much funding available in this country to study election security. So we did this as a Saturday afternoon type of project. …
It’s called a man-in-the-middle attack. It’s a classic attack on security devices. You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off. We’re basically interfering with transmitting the voter’s intent. …
We can do this because most voting machines, as far as I can tell, are not encrypted. It’s just open standard format communication. So it’s pretty easy to figure out information being exchanged. Anyone who does digital electronics–a hobbyist or an electronics fan–could figure this out.
The device we implanted in the touchscreen machine was essentially $10 retail. If you wanted a deluxe version where you can control it remotely from a half a mile away, it’d cost $26 retail. It’s not big bucks. RadioShack would have this stuff. I’ve been to high school science fairs where the kids had more sophisticated microprocessor projects than the ones needed to rig these machines.

SEE COMPLETE TEXT

Be Sociable, Share!