Hacking US Electronic Voting Machines"Extremely Easy"

Apr 23, 2015

Electronic voting machines used for US elections between 2002 and 2014 would have been extremely easy to hack, according to reports.

The AVS WinVote machines were used during three presidential campaigns in the state of Virginia and would receive an “F-minus” for security, with many using “abcde” or “admin” as passwords.

Read more: Electoral Commission embraces tech to get young people to vote

Jeremy Epstein, of non-profit organisation SRI International, who served on the Virginia state legislative commission and has been investigating the machines for some time, is relieved that they have now been decertified.

“The vulnerabilities were so severe, and so trivial to exploit, that anyone with even a modicum of training could have succeeded,” he explained. “They didn’t need to be in the polling place – within a few hundred feet (e.g., in the parking lot) is easy, and within a half mile with a rudimentary antenna built using a Pringles can. Further, there are no logs or other records that would indicate if such a thing ever happened, so if an election was hacked any time in the past, we will never know.”

In an interview with the Guardian, Epstein also explained that his conversations with Brit Williams, the original certifier of the voting machines, had been equally concerning.

“I said, ‘How did you do a penetration test?’ and he said, ‘I don’t know how to do something like that’.”

The Virginia Technology Agency today published a report condemning the WinVote machines, which have also been used for elections in Mississippi and Pennsylvania. It found that the machines ran a version of the Windows operating system that had not been updated since 2004, leaving them susceptible to relatively simple malware and hacking attempts.

Read more: Verizon: Hacks are sophisticated, but use old methods

The news comes at a time when the UK is preparing for its own vote, with the general election scheduled for next month. Although electronic voting, or e-voting will not be available this year, it is reported to be in place for the 2020 election.




Author: Barclay Ballard
View the original article here.
Published under license from ITProPortal.com
election / hack / ITProPortal / security breach / UK / US / voting / vulnerability

Comment

 

Understanding the risks and rewards of public sector cloud 

Download the Whitepaper now

Partner

24Newswire
Sign up to receive latest news

Twitter Feed

Why does pubsec ICT PR firm @MantisPR want to be at the upcoming #eventcentreUK THINK Digital Vendors 2016 event? https://t.co/3tE5o7aMmO
@24nbiz
Apr 01, 2016
@thinkdigicon supporter @Adv365 sets out its stall for tomorrow's landmark #gcloud event https://t.co/FQraJP2yyg
@24nbiz
Mar 21, 2016
@thinkdigicon supporter @Adv365 explains why it's supporting tomorrow's show https://t.co/2Wj3UECo9s
@24nbiz
Mar 21, 2016
@24n.biz: what's the final agenda for tomorrow's @thinkdigicon #gcloud @GOVUKdigimkt show? https://t.co/6CASi8lrnU
@24nbiz
Mar 21, 2016