US voting systems: Full of holes, loaded with pop music, and hacked by an 11-year-old

DEF CON Hackers of all ages have been investigating America’s voting machine tech and the results aren’t good. One enterprising 11-year-old named Emmet managed to hack a simulated Secretary of State election results page in 10 minutes.

The Vote Hacking Village, one of the most packed-out locations at this year’s DEF CON hacking conference in Las Vegas, saw many of the most commonly used US voting machines easily hijacked using a variety of wireless and wired attacks, and election websites proved so poorly constructed that they were thought too boring for adults and left to youngsters to infiltrate.

The first day saw 39 of these smart kids, ranging in age from six to 17, try to crack into replicas of government election results websites, developed by former White House technology advisor Brian Markus. All but four managed to get an exploit running within the allotted three-hour contest.

child

DEF CON plans to show US election hacking is so easy kids can do it

READ MORE

The children were able to change vote tallies so that they numbered 12 billion, and rewrite party names as well as the names of candidates. Kids being kids, these latter changes included “Bob Da Builder” or “Richard Nixon’s Head” – we spotted the Futurama fan there.

On the adult side, Premier/Diebold’s* TSX voting machines were found to be using SSL certificates that were five years old, and one person managed to, with physical access, upload a Linux operating system to the device and use it to play music, although that hack took a little more time than you’d get while voting.

Diebold’s Express Poll 5000 machines were even easier to crack, thanks to having an easily accessible memory card, which you could swap out while voting, containing supervisor passwords in plain text. An attacker could physically access and tamper with these cards, which also hold the unencoded personal records for all voters including the last four digits of their social security numbers, addresses, and driver’s license numbers.

Hackers found that by inserting specially programmed memory cards when no election official is looking, they could change voting tallies and voter registration information. And take a guess what the root password was? Yes, “Password” – again stored in plain text.

More bizarrely, voting machine manufacturer WinVote’s VoteActive device was found to contain pop music. The machine, which was running Windows XP, could be hacked wirelessly in seconds, and had a music player and CD ripper program built in. It is believed this music stuff was left lying around in unused and unallocated space on the disk.

The village also hosted an mock election between George Washington and Benedict Arnold, which was predictably hacked. Of the 133 ballots cast, America’s first POTUS scored 26 votes, as did infamous traitor Arnold, but the winner was an unplanned candidate: DEF CON’s founder Dark Tangent, aka Jeff Moss, with 61 votes.

The machine’s software had been tampered with to insert Moss into the running, and make him win with fake votes. This could be done by infecting an election official’s PC so that when the ballot box is programmed from that computer, the voting software is silently altered to later change votes.

It’s the second year DEF CON has hosted the village, and once again voting machines didn’t make the grade. There just isn’t enough builtin security to stop people physically meddling with machines at the booths, or before and after polling day. There is little or no verification of the authenticity and legitimacy of the code running on the boxes. Anti-tamper seals on the cases have been shown to be ineffective, too.

And the final numbers on government websites may not be accurate, either. An error regarding the number of registered voters, thus suggesting more people voted than were allowed, on the US state of Georgia’s website sparked confusion this month.

With the November elections due, it looks as though, once more, American voters will just have to hope no one is hacking their vote. But some in government have taken an interest.

“It’s been incredible the response we’ve received,” said village cofounder and University of Pennsylvania professor Matt Blaze. “We’ve had over 100 election officials come through here and they expressed over and over again how much they have appreciated learning from this opportunity.”

Fresh from his keynote, former NSA top hacker and White House cyber czar Rob Joyce popped in to chat as well. He praised the work done by those involved, which had been criticised indignantly by some manufacturers before and during the show.

hacking

Microsoft: The Kremlin’s hackers are already sniffing, probing around America’s 2018 elections

READ MORE

“Believe me, there are people who are going to attempt to find flaws in those [election] machines whether we do it here publicly or not,” he said “So, I think it’s much more important that we get out, look at those things, and pull on it.”

Incidentally, on Wednesday, US Republican senators shot down $250m in emergency election security funding proposed by Senator Patrick Leahy (D-VT) – a figure that Hacking Village cofounder Jake Braun told The Register was too small by a factor of 10 if the November elections were to be anywhere close to secure. Cost concerns were cited by the ruling party as a key factor in that decision.

A few days later the President of the Senate, Mike Pence, announced plans for a new super-duper Space Force for orbital warfighting, something the Air Force Space Command already has a firm grip on. The up-in-the-air scheme has an estimated cost of $8bn. ®

* Diebold Nixdorf sold off the US Elections systems Premier division of its business several years ago.

Sponsored: Following Bottomline’s journey to the Hybrid Cloud

READ MORE HERE