US' polling machines for 2012 allow remote hacking

Many of the electronic voting machines that about a third of American voters will use in the 2012 polls may be hacked remotely, a laboratory has shown. Experts at the Vulnerability Assessment Team at Argonne National Laboratory in Illinois said the hack could change voting results without leaving a trace. "We believe these man-in-the-middle attacks are potentially possible on a wide variety of electronic voting machines. We think we can do similar things on pretty much every electronic voting machine," said Roger Johnston, leader of the assessment team, in an interview published on the Salon magazine website. "This is a national security issue. It should really be handled by the Department of Homeland Security," he added. The Salon article said that the Diebold voting machines can be hacked with just $10.50 in parts and eighth-grade science education. Argonne Lab, run by the Department of Energy, has the mission of conducting scientific research to meet national needs. The Diebold Accuvote voting system used in the study was loaned to the lab's scientists by VelvetRevolution.us, which received the machine from a former Diebold contractor. According to the Argonne team, e-voting system hacks such as Princeton's demonstration of a viral cyber attack on a Diebold touch-screen system - which relied on cyber attacks to change the results of elections - will require more coding skills and knowledge of the voting system software. In contrast, the Argonne team's attack allegedly required no modification, reprogramming, or even knowledge of the voting machine's proprietary source code. Demonstration, proof of concept The team demonstrated in a video that inserting an inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away. "The cost of the attack that you're going to see was $10.50 in retail quantities," said Warner. He said an RF [radio frequency] remote control to stop and start the attacks will cost an extra $15. A video prepared by the team shows three different types of attack, each showing how the intrusion developed by the team allows them to take complete control of the Diebold touch-screen voting machine. They were able to demonstrate a similar attack on a DRE system made by Sequoia Voting Systems as well. Under the setup, the intruder would allow the voter to make his or her selections. But when the voter actually attempts to push the "Vote Now" button, which records the voter's final selections to the system's memory card, Warner said a bad guy "will simply intercept that attempt ... change a few of the votes," and the changed votes would then be registered in the machine. "In order to do this, we blank the screen temporarily so that the voter doesn't see that there's some revoting going on prior to the final registration of the votes," he said. Such an attack would allow manipulation would occur after the voter has approved as "correct" the on-screen summaries of his or her intended selections. Johnston said the machines could also be tampered with during so-called voting machine "sleepovers" when e-voting systems are kept by poll workers at their houses days and weeks prior to the election or at other times when the systems are unguarded. But he said the more realistic way to insert these alien electronics is to do it while the voting machines are waiting in the polling place a week or two prior to the election. "Often the polling places are in elementary schools or a church basement or some place that doesn't really have a great deal of security. Or the voting machines can be tampered while they're in transit to the polling place. Or while they're in storage in the warehouse between elections," Johnston said. He noted that the Argonne team had no owner's manual or circuit diagrams for either the Diebold or Sequoia voting systems they were able to access in these attacks. Election security procedures Also, the team members criticized election security procedures, which rarely if ever include physical inspection of the machines, especially their internal electronics. But even if such inspections were carried out, the Argonne scientists said their attack leaves behind no physical or programming evidence if properly executed. "The really nice thing about this attack, the man-in-the-middle, is that there's no soldering or destruction of the circuit board of any kind. You can remove this attack and leave no forensic evidence that we've been there," Warner said. Gaining access Gaining access to the inside of the Diebold touch-screen is as simple as picking the lock, or using a standard hotel minibar key, the team noted. It pointed out the machines use the same easily copied key, available at most office supply stores. "I think our main message is, let's not get overly transfixed on the cyber," team leader Johnston says. Since he believes they "can do similar things on pretty much every electronic voting machine," he recommends a number of improvements for future e-voting systems. "The machines themselves need to be designed better, with the idea that people may be trying to get into them. If you're just thinking about the fact that someone can try to get in, you can design the seals better, for example," he added. He also warned against using a standard blank key for every machine. "Spend an extra four bucks and get a better lock. You don't have to have state of the art security, but you can do some things where it takes at least a little bit of skill to get in," he said. New findings The Vulnerability Assessment Team's new findings raised concerns about e-voting vulnerabilities issued by other computer scientists and security experts. While the use of touch-screen Direct Recording Electronic (DRE) voting systems such as those Argonne showed to be vulnerable to manipulation has declined, similar systems may be used by a "significant part" of the electorate on Election Day in 2012, the Salon article said. It cited Sean Flaherty, a policy analyst for e-voting watchdog group VerifiedVoting.org, as saying that "about one-third of registered voters live where the only way to vote on Election Day is to use a DRE." Flaherty said almost all voters in states like Georgia, Maryland, Utah and Nevada, and the majority of voters in New Jersey, Pennsylvania, Indiana and Texas, will vote on DREs on Election Day in 2012. He added voters in major municipalities such as Houston, Atlanta, Chicago and Pittsburgh will also line up in next year's election to use DREs of the type hacked by the Argonne National Lab. 'Security by obscurity' While voting machine companies and election officials have sought to protect source code and the memory cards that store ballot programming and election results for each machine, critics like California Secretary of State Debra Bowen have pointed out that attempts at "security by obscurity" largely ignore the most immediate threat. Such threats come from election insiders who have regular access to the e-voting systems, as well as those who may gain physical access to machines that were not designed with security safeguards in mind. "This is a fundamentally very powerful attack and we believe that voting officials should become aware of this and stop focusing strictly on cyber (attacks)," said Warner. He added there's a very large physical protection component of the voting machine that needs to be addressed. — TJD, GMA News