US mid-point: hackers denounce staggering "voting machines"

Author's right of the image
Getty Images

Voter machines pose "serious risks" to US security, hackers are warned.

A report highlights the main shortcomings in voting materials, weeks before the mid-term US elections.

A ballot, used in 23 US states, has a cybersecurity defect reported more than a decade ago, according to hackers.

An expert warned that lessons should be learned if the UK adopts e-voting systems.

In August, the Def Con Conference in Las Vegas organized a "voting village", where participants were encouraged to discover the flaws in US electoral infrastructure by hacking various computer systems.

The conference organizers released a 50-page report on their findings on Thursday.

They describe the number and severity of flaws in voting equipment as "narcotics".

"The problems described in this report are not just failings of the electoral administration that must be solved for reasons of efficiency, but rather serious risks for our critical infrastructure and therefore for national security," the report says.

More than 30 voting machines and other equipment were made available to conference participants, including the M650 e-newsletter scanner, currently used by 23 US states.

The report says that the vulnerabilities mean that the M650 can be hacked remotely.

A design defect reported as early as 2007 was also found in the model tested at the conference.

The organizers of the conference argue that the fact that the unit is designed to handle a large number of ballots, the hacking of one of the machines could allow an attacker to "return the electoral college and determine the result of a presidential election ".

Designers of the M650 system, Election Systems & Software (ES & S), told the Wall Street Journal that, thanks to the voting machine using paper ballots, votes can be audited.

The company also said that "the security protections on the M650 are strong enough to make hacking extremely difficult in a real-life environment."

In August, four US senators signed a letter to ES & S, which said it was "discouraged" that the company chose to reject hacker demonstrations.

ES & S responded that forums open to anonymous hackers "could be a green light for foreign intelligence agents" and should be viewed with caution.

Rescheduled smart cards

Other tested machines include AccuVote TSx, currently used by 18 US states. The system includes a smart card reader for users to vote, which, according to the report, can be easily disconnected to "disrupt the electoral process".

Conference participants were also able to wirelessly reprogram voting smart cards, using mobile phones.

On Tuesday, Republican Senator James Lankford said that a bill on election security, known as the Secure Elections Act, would not be passed by Congress until the mid-term elections in November.

Earlier this year, an amendment to increase election security spending of $ 250 million (192 million pounds) was blocked by Republican senators.

"There is a history of disclosed vulnerabilities that take years to properly mitigate, and apparently not a big appetite for a national security standard for voting machines," safety expert Davey Winder told BBC.

"We need to learn here so that, rather than the United Kingdom adopting electronic voting systems, we are ready to make sure that implementation is secure."

A spokesman for the British Electoral Commission told the BBC: "Any changes to the voting system would require a pilot project, which would be carried out by the Cabinet Office".