DEF CON Voting Village report: a bug in a system could "return the electoral college"



A voting machine is subject to abuse in the Voting Village at DEF CON.

Sean Gallagher

Today, six prominent information security experts who participated in the DEF CON Voting Village in Las Vegas last month released a report on vulnerabilities found in voting equipment and associated computer systems. One vulnerability they discovered, in a high-speed vote tabulation system used to count votes for entire counties in 23 states, could allow an attacker to remotely hijack the system over a network and change the number of votes. "The hacking of one of these machines could allow an attacker to return the electoral college and determine the outcome of a presidential election," warned the report's authors.

The machine in question, the ES&S M650, is used to count regular and absentee ballots. Made by Election Systems & Software of Omaha, Nebraska, it is essentially a high-speed networked scanner, like those used to digitize standardized test sheets, and is typically operated on a network at the county clerk's office. Based on the QNX 4.2 operating system, a real-time operating system developed and marketed by BlackBerry and currently up to version 7.0, the M650 uses Iomega Zip drives to transfer election data to and from a Windows-based management system. It also stores results on a 128 megabyte SanDisk flash storage device mounted directly on the system board. The tabulation results are output as reports printed on an attached pin printer.

The authors of the report (Matt Blaze of the University of Pennsylvania, Jake Braun of the University of Chicago, David Jefferson of Verified Voting Foundation, Harri Hursti and Margaret MacAlpine of Nordic Innovation Labs, and Jeff Moss, founder of DEF CON) documented dozens of other vulnerabilities found in voting systems. They noted that four major areas of "serious and undeniable" concern need to be addressed urgently. One of the most critical is the lack of supply-chain security for voting machines: there is no way to test machines to see if they are reliable or if their components have been modified.

Yikes!

"If an opponent compromises chips through the supply chain," notes the report, "they could hack entire classes of machines across the United States, remotely, all at once." And despite manufacturers' claims that the machines are secure because they are "air-gapped" from the Internet when in use, testing over the past two years has revealed remote hacking vulnerabilities that require no physical access to voting machines.

In a few cases, the Voting Village's collection of hackers and researchers discovered that hacking a voting machine took less time than voting. One voting machine could be hacked in two minutes. Another hack, exploiting a flaw in an electronic card used to activate voting terminals, allowed the wireless card to be reprogrammed with a mobile device, letting the voter vote as many times as he or she wished.

Perhaps the most frustrating problem documented by the researchers is that flaws, even once reported, are not fixed. One example is another vulnerability in the ES&S M650 that was reported to the manufacturer more than 10 years ago but was still present on systems used in the 2016 elections.
