Project Wonderful

Wednesday, September 28, 2011

2012 E-Voting Machines are Super-hackable

Voting machines used by as many as a quarter of American voters heading to the polls in 2012 can be hacked with just $10.50 in parts and an 8th grade science education, according to computer science and security experts at the Vulnerability Assessment Team at Argonne National Laboratory in Illinois says Salon.com


I found the video pretty boring, but if you're the "take it apart and see for myself" type, you might find it appealing.

In case you don't want to watch the boring video or read the less boring article, let me break it down for you. They are not talking about cyber attacks, although they imply those are possible as well. They are talking about physical attacks on the machine, basically rewiring it to run by remote control, which they call a "man in the middle" attack. That is in a way scarier, because you don't need highly specialized knowledge to pull it off. Apparently it's pretty easy (they keep referring to being able to do it with an 8th grade education, but I must have skipped that day) and very cheap and if it happened, there would be no physical evidence to arouse suspicion.
Test team member, John Warner explains, "The really nice thing about this attack, the man-in-the-middle, is that there's no soldering or destruction of the circuit board of any kind. You can remove this attack and leave no forensic evidence that we've been there...Gaining access to the inside of the Diebold [that's the brand of voting machine] touch-screen is as simple as picking the rudimentary lock, or using a standard hotel minibar key, as all of the machines use the same easily copied key, available at most office supply stores."
This is why I tell people it will be years before we have national at home ivoting. We can't guarantee security when we have the physical machines.

Now granted, we assume that the machines will be stored in a place with trustworthy personnel (...or you know, underpaid disgruntled board of elections workers). And more reasonably we realize that for this type of hack to have any sort of widespread effect, there would have to be a national or statewide conspiracy to physically tamper with machines. Sure one super corrupt County Party Chair might be able to rig an election (a problem in and of itself), but I would put it past even the least scrupulous of national parities to be able to pull off that kind of coordinated attack. You would really need cyber hacking for that. (I mean what? I was home all evening! I want an attorney!) Still, when it comes to the integrity of our voting systems are we really okay with "it's probably fine?"

So, while I don't find it overly concerning, I do find it dumb that we made voting machines that a zealous intern could hack into. So does the team at Argonne National. Team leader Roger Johnston explains:
"The machines themselves need to be designed better, with the idea that people may be trying to get into them. If you're just thinking about the fact that someone can try to get in, you can design the seals better, for example. Don't do things like use a standard blank key for every machine. Spend an extra four bucks and get a better lock. You don't have to have state of the art security, but you can do some things where it takes at least a little bit of skill to get in."
Why don't Republicans focus on this if they're so concerned about election fraud?

No comments:

Post a Comment