Security Experts Able To Hack Into Nearly Every E-Voting Machine

from the seems-a-bit-troublesome dept

Back in March, California decided that after years of negative publicity about the security of e-voting machines (and certainly enough evidence to suggest they weren't very secure) that it would allow independent security experts to try to hack into any machine before it got approval to be used in California elections. Those researchers have gone ahead and found that every machine they tested was hackable -- often very easily. The researchers were able to hack into Diebold, Sequoia and Hart InterCivic machines. They didn't get a chance to test ES&S machines because, as you may recall, ES&S stalled before handing over their source code (and included a nasty threatening letter with it). To be fair, these machines were tested in non-normal conditions, where the researchers had access to all sorts of documentation, the full source code and no election going on where people might spot them tampering with a machine. That is, this doesn't mean that it's necessarily easy to hack an election. It just means that all of the machines have some insecurities -- most of which we didn't know about before. The key here is that we can now understand these insecurities and whether or not they're adequately protected by other measures. What still doesn't make sense is why the e-voting firms are so against this process. All it's really doing is helping those companies improve their products to make them more secure. Of course, one key reason is that the researchers found that many of the security problems are because the machines weren't built with security in mind -- but only had it added as an afterthought. In other words, these companies probably should be redesigning their machines from scratch, which they don't want to do. Of course, does it worry anyone else that the machines weren't designed with security in mind in the first place?


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    hoopajoop, Jul 30th, 2007 @ 11:10pm

    first!!

    even if they were secure those Bushes would have one, the evil bastids!

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      SPR, Jul 31st, 2007 @ 5:24am

      Re: first!!

      Wake up, dumbass!! There is no evidence that Bush ever "stole" an election. On the other hand, the Democrats have for years been registering (and voting) residents of the nations cemeteries for years. The most recently documented case was in Louisiana. More recently, they have been busy registering felons currently serving in prison, those who have forfeited their right to vote by their criminal activity. Besides, this was not about stealing an election, it was about improving the security of electronic voting machines. These companies would be wise to offer to work WITH the security experts to IMPROVE their product.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        SailorRipley, Jul 31st, 2007 @ 11:27am

        Re: Re: first!!

        "There is no evidence that..." actually means: "I haven't seen any evidence in main stream US media that...".

        Try reading a book once in a while, for example "The Best Democracy Money Can Buy" by Greg Palast.

        "More recently, they have been busy registering felons currently serving in prison, those who have forfeited their right to vote by their criminal activity"

        My guess would be they're doing that to compensate for all the people the Republicans incorrectly prevented from voting

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    hoopajoop, Jul 30th, 2007 @ 11:11pm

    re: first!

    "won", even. :)

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Enrico Suarve, Jul 31st, 2007 @ 12:27am

    That would have stopped all the fun

    If they'd have allowed testing before people would have known what was going on and that would have been bad for Bush

    "It is enough that the people know there was an election. The people who cast the votes decide nothing. The people who count the votes decide everything." - Joe Stalin

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Nunya, Jul 31st, 2007 @ 1:01am

    The real problem

    The Electoral College is the second problem. Its out lived its time. No matter how good these machines get your vote truley doesn't matter, if yur a republican in a magority democratic state or vice versus. But they say that these machines were tested in uncommon situations,like having the source code.....hmmm well source codes get leaked everyday.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Haywood, Jul 31st, 2007 @ 6:14am

      Re: The real problem

      "The Electoral College is the second problem. Its out lived its time."

      Not really, it still serves its intended purpose; to give the people of sparsely populated states a voice.
      But for that New York and California would pretty much decide everything, and Montanans might as well stay home on election day.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Bubba Nicholson (profile), Jul 31st, 2007 @ 1:51am

    republicans dishonest

    Republicans aren't the only dishonest people in America, but they're the only ones who organize teams of criminals to assassinate or attempt to assassinate US presidents (e.g. JFK by plumber gang under Richard M. Nixon & G.H.W. Bush) (Ford & Regan by G.H.W. Bush), candidates for US president (RFK, George Wallace, MLK (attacked by plumbers under G.H.W. Bush again)), and break into people's homes and offices (plumbers under Nixon). They regularly fund organized cheating in American elections, skirting election law only needed because of republican cheating in the first place.

    Republicans gang up and rape whole industries, like the savings and loan corporations, like Navy oil reserves, like strategic petroleum reserves, like insurance companies. Democrats don't say much because, well, there're just too many of 'em. We tried shooting them all and that didn't work, but it slowed them down in the 1860's & 1870's.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Paranoia Will Destroya, Jul 31st, 2007 @ 3:39am

      Re: republicans dishonest

      I'm sorry, did you just say that the Republicans, with the help of plumbers, have assassinated presidents or presidential hopefuls, and apparently at the sole command of George Herbert Walker Bush.

      As much as I would love to believe that the Bush's, not money, are the root of all evil, I think people will find your... accusations... a little tough to swallow without proof.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Chad Howell, Jul 31st, 2007 @ 3:32am

    The moonbats are out tonight....

    Watch out people! The black helicopters are after you!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    W, Jul 31st, 2007 @ 4:42am

    Can we get back on topic?

    The article is about voting machines not evil Republicans or communist Democrats.

    I use to work on the older lever-type voting machines and if you gave me the kind of access these researchers had I could rig them too. The sad truth is, elections have been rigged for as long as there have been elections so don't be afraid of new technology. Trust but verify...

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Pinkynarf, Jul 31st, 2007 @ 4:50am

    What if we looked at cars this way?

    Come on. Of course you can hack a machine if you have access to it in a dark closet where nobody is looking. We aren't talking the real-world here. This is all just a bunch of propoganda.

    What if the police department hired an outside firm to examine the next fleet of police cars they were going to purchase? The independant organization would find that none of the police cars are safe: They can go too fast, use explosive gasoline, don't provide adequate security measures to prevent a theft, are too heavy, may lose control when taking a corner too fast...

    Now really, if you look at anything at all you can pick it apart and find something wrong with it. Is E-voting secure? I doubt it. Is hand-counting fool-proof? I doubt it. Is the world going to end? Yes, absolutely.

    We wouldn't need some many stupid laws and security if people followed the 2 commandments from God: Love God, and Love your neighbor. That pretty much covers it all.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Jul 31st, 2007 @ 11:31am

      Re: What if we looked at cars this way?

      "hey can go too fast, use explosive gasoline, don't provide adequate security measures to prevent a theft, are too heavy, may lose control when taking a corner too fast..."

      all excellent reasons why police cars are not used for e-voting

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    freak3dot, Jul 31st, 2007 @ 5:30am

    "Love your neighbor" -- Pinkynarf

    It would be equaly effective (without the religion) if everyone followed the concept of Karma. Believe it or not, when you do something you know is wrong to someone else, it will come back on you in some form or another.
    But at the same time, if you do something you know is right and go out of your way to do the right thing, that will come back on you in some form or another as well.

    freak3dot

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Pinkynarf, Jul 31st, 2007 @ 5:43am

      Re: freak3dot

      freak,

      Leaving the religion out of things is why the world is such a mess. America was created for religion of freedom. Things have now swung so far the other direction that we are now a country based on freedom from religion. Many people today are looking out for themselves. The idea of Karma comes from religion, although it may not be directly religiously based. It is just another example of people stripping religion from all that is good and trying to claim it for themselves (no offense. My comment is not directed at you who follow Karma, but rather the people who start such movements in the first place). Good and Bad happens to people regardless of what you do. I do not have a better life because I am a Christian. I am a Christian because God loves me no matter what I have done. If you were offended by something I said, please find a church and talk to someone. Dialog is a good thing.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Sanguine Dream, Jul 31st, 2007 @ 6:35am

        Re: Re: freak3dot

        This is viciously off topic so don't say I didn't warn you...

        Sounds like you're trying to say that religion itself isnt the problem but the people in interpret it are. That I can agree with seeing as how religion has been used to justify some of histories darkest moments.

        I personally do not think I have the decent life I have because I am agnostic but I am agnostic because while firmly believe that there is a higher power running things in the universe I really don't care who/what she/he/it is.

        And by the way:

        The idea of Karma comes from religion, although it may not be directly religiously based. It is just another example of people stripping religion from all that is good and trying to claim it for themselves

        I'm not sure what you are saying here.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    Ikey Benney, On Voting Machines, Jul 31st, 2007 @ 6:35am

    Voting Machines

    Hello:

    If what you said in this article is true, then it is indeed alarming because it means that no election would be reliable.
    I expect the authorities will take steps to plug the security holes.
    Ikey Benney

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Overcast, Jul 31st, 2007 @ 6:38am

    To be fair, these machines were tested in non-normal conditions, where the researchers had access to all sorts of documentation, the full source code and no election going on where people might spot them tampering with a machine

    Any real world hacker worth their salt would do the same thing. As for tampering - well that all depends on where you are and who you know.

    Of course, it won't matter, because it makes it so very easy for elections to be 'fixed' and dupe the public.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    san, Jul 31st, 2007 @ 6:39am

    zero day

    wonderin when it'll appear on http://www.wslabi.com/ for good

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Sanguine Dream, Jul 31st, 2007 @ 6:45am

    Quit the arguing...

    There is dishonesty on all sides of the political spectum here so constantly shouting the likes of, "_____ stole the election." and "Oh yeah? Prove it." is just a vicious cycle of passing the blame around.

    The topic at hand here isn't who may be stealing elections from who but the fact that elections can be stolen with help from these e-voting machines with questionable security. Personally I'd say the best way to test these machines would be to hold a mock election in a real city. That way the test conditions are as real as possible and anyone trying to comprimise the machines will have to actually think about how to do it instead of being given the manuals and documentation.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Scott, Jul 31st, 2007 @ 6:56am

    Windows based...

    It seems most of the machines were windows based. That is a can of worms for exploit right there. The machines should only run a customized open source operating system and voting software. That is the only way to verify all the software running on the machine including the BIOS. All the code could then be reviewed by security experts and anyone else interested.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 31st, 2007 @ 7:54am

    I do hope that this practice becomes alot more widespread. If all the states forced companies to pony up their source code and machines for testing they might at minimum be marginally secure from random people walking in on election day.

    However, mass tampering that can sway an election is generally done by the people running it, not someone randomly walking in on election day. A test where the hackers have total access is the right way to do it.

    It is totally possible to design a system where a hacker cannot subvert it without alerting everyone. I doubt that is possible if these are all windows apps. It really requires specially designed hardware such that even the voters can easily tell if the machine has been tampered with.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Ed, Jul 31st, 2007 @ 8:09am

    ...

    God has nothing to do with this. God has nothing to do with you. God doesn't even exist. If you really believe that you would be a terrible person and everyone else would be too; based solely on the qualification of religion.. I mean.. grow up ok. You were a child and a great man was always looking after you and kept you safe. But God didn't keep that other person the same age of you safe. Were they evil? Were you moreGodlike? NO. Religious people are so mentally immature it ruins this whole country. I must beleive in God to do the good things in my life and he is just testing me during the bad. That is, he never shows up and what you create good is from you and what you create bad is also caused by you. And everything else is left up to the cosmic coin flip.

    As for these emachines. I am shocked, shocked, that the Republicans finally let people look inside the machines at all. Isn't it neat how for 5 years people wanted to look into those machines, ever since the 04 election people have been trying to get the machines open to check them out. to look at their "proprietary code." Yes, we collect the nation's votes (almost like a public service), for the reason to determined who our governmental leaders are for the entire nation.. you want to look at our code? NO! We are a private company, we don't care that our service affects every American, it's ours and go f'off government you can't look at it and check it. Yeah.. awesome companies.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Some Roandom Guy, Jul 31st, 2007 @ 5:18pm

      Re: ...

      While trying to soak in your infinate knowledge, I find your statement dismissing the exsistance of a GOD about as annoying as those who try to cram it down peoples throats. It's the closed minded extreme absolutist views from the land of know it alls that turn any conversation into a heaping pile of realitive #$%#. That's you my friend. Enjoy the rest of your life....

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 31st, 2007 @ 8:26am

    If American companies wont give us secure machines I guess we'll have to buy from China.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Jul 31st, 2007 @ 8:30am

    I'm moving to Canada...who's with me?!?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    niftyswell, Jul 31st, 2007 @ 11:33am

    For every Murtha there is a Packwood...for every Alaskan bridge to nowhere there is a post office scandal. People need to realize that the people who seek power are by their very nature corrupt but use different excuses to get it the Democrats will have government wipe your ass for you and say they are using rich people's money to do it (without pointing out they are richer that the guys across the aisle) and the Republicans will promise to lower taxes while at the same time expanding government at a faster pace than ever seen before. The only solution is to limit the size of government and the only way to do that is to reduce the tax base so that only essential services are paid for. The whole gist of the article is to convince everyone that your candidate lost because someone rigged the election- hardly a new conspiracy theory! There aint an election that cannot be bought or a system that cant be beat.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    joe, Jul 31st, 2007 @ 11:33am

    Capitalism

    Way off topic but since there is some red vs blue going on.

    I don't think it matters who is elected. What matters is making money. No matter who is in office if you want clean streets, low crime, a decent education for you kids, and justice you have to make enough money to live in an expensive neighborhood. It is bad but it is reality.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Charles Griswold, Jul 31st, 2007 @ 6:45pm

    Security Through Obscurity

    What still doesn't make sense is why the e-voting firms are so against this process. All it's really doing is helping those companies improve their products to make them more secure.
    It's called security through obscurity.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    matthew warerell, Aug 16th, 2007 @ 2:54pm

    n.y.p.d.

    please tell me how to hack in

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This