US mid-terms: Hackers expose ‘staggering’ voter machine flaws

Gigacycle > Technology News  > US mid-terms: Hackers expose ‘staggering’ voter machine flaws

US mid-terms: Hackers expose ‘staggering’ voter machine flaws

Voting machines pose “serious risks” to US security, hackers are warning.

A report outlines major flaws in voting hardware, weeks before US mid-term elections.

One ballot machine, used in 23 US states, carries a cybersecurity flaw that was reported over a decade ago, the hackers claim.

An expert warned that lessons would need to be learned if the UK adopts electronic voting systems.

In August, the Def Con conference in Las Vegas ran a “Voting Village”, where participants were encouraged to uncover flaws in US election infrastructure by hacking into various computer systems.

The organisers of the conference on Thursday released a 50-page report on their findings.

They describe the number and severity of flaws in voting equipment as “staggering”.

“The problems outlined in this report are not simply election administration flaws that need to be fixed for efficiency’s sake, but rather serious risks to our critical infrastructure and thus national security,” the report claims.

More than 30 voting machines and other pieces of equipment were made available to attendees of the conference, including the M650 electronic ballot scanner, which is currently used by 23 US states.

The report says vulnerabilities mean the M650 can be remotely hacked.

A design flaw reported as far back as 2007 was also found in the model tested during the conference.

The organisers of the conference argue that because the unit is designed to process a high volume of ballots, hacking one of the machines could enable an attacker to “flip the electoral college and determine the outcome of a presidential election​”.

The makers of the M650 system, Election Systems & Software (ES&S), told the Wall Street Journal that because the voting machine uses paper ballots, votes can be audited.

The company also said “the security protections on the M650 are strong enough to make it extraordinarily difficult to hack in a real-world environment”.

In August, four US Senators signed a letter to ES&S, which said they were “disheartened” that the company had chosen to dismiss the hacker’s demonstrations.

ES&S responded, saying forums open to anonymous hackers “may be a green light for foreign intelligence operatives” and should be viewed with caution.

Reprogrammed smart cards

Other machines tested include the AccuVote TSx, currently used by 18 US states. The system includes a smart card reader for users to cast votes, which the report says can be easily disconnected to “disrupt the election” process.

Attendees of the conference were also able to reprogramme voting smart cards wirelessly, using mobile phones.

On Tuesday, Republican Senator James Lankford said an election security bill, known as the Secure Elections Act, would not be passed by Congress ahead of the mid-term elections in November.

Earlier this year, an amendment for $250m (£192m) to increase spending on election security measures was blocked by Republican senators.

“There is a history of disclosed vulnerabilities taking years to properly mitigate, and seemingly no great appetite for a national security standard for voting machines,” security expert Davey Winder told the BBC.

“We need to be learning lessons here so that when, rather than if, the UK adopts electronic voting systems, we are ready to make sure the implementation is a secure one.”

A spokesperson for the UK’s Electoral Commission told the BBC: “Any change to the system of voting would require a pilot, which would be carried out by the Cabinet Office.”

Go to Source

No Comments

Sorry, the comment form is closed at this time.