Home / Tag Archives: voting-machines

Tag Archives: voting-machines

Defcon Voting Village report: Bug in one system could “flip Electoral College”

Enlarge / A voting machine is submitted to abuse in DEFCON's Voting Village. (credit: Sean Gallagher) Today, six prominent information-security experts who took part in DEF CON's Voting Village in Las Vegas last month issued a report on vulnerabilities they had discovered in voting equipment and related computer systems. One vulnerability they discovered—in a high-speed vote-tabulating system used to count votes for entire counties in 23 states—could allow an attacker to remotely hijack the system over a network and alter the vote count, changing results for large blocks of voters. "Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election," the authors of the report warned. The machine in question, the ES&S M650 , is used for counting both regular and absentee ballots. The device from Election Systems & Software of Omaha, Nebraska, is essentially a networked high-speed scanner like those used for scanning standardized-test sheets, usually run on a network at the county clerk's office. Based on the QNX 4.2 operating system—a real-time operating system developed and marketed by BlackBerry, currently up to version 7.0—the M650 uses Iomega Zip drives to move election data to and from a Windows-based management system. It also stores results on a 128-megabyte SanDisk Flash storage device directly mounted on the system board. The results of tabulation are output as printed reports on an attached pin-feed printer. The report authors—Matt Blaze of the University of Pennsylvania, Jake Braun of the University of Chicago, David Jefferson of the Verified Voting Foundation, Harri Hursti and Margaret MacAlpine of Nordic Innovation Labs, and DEF CON founder Jeff Moss—documented dozens of other severe vulnerabilities found in voting systems. They found that four major areas of "grave and undeniable" concern need to be addressed urgently. One of the most critical is the lack of any sort of supply-chain security for voting machines—there is no way to test the machines to see if they are trustworthy or if their components have been modified. Read 3 remaining paragraphs | Comments

Read More »

Democrats introduce an election security bill that proposes paper trails and mandatory audits

As primaries ramp up in states across the U.S., concerns about election cybersecurity are mounting too. This week, a group of Democratic senators introduced a bill to mitigate some of the well-established risks that the nation’s uneven mix of voting machines and election systems poses. The new bill, known as the Protecting American Votes and Elections Act , proposes two significant measures. First, because not all digital voting systems produce a paper trail, it would require all state and local elections to ensure that their equipment produces voter-verified paper ballots that can be cross-referenced. Second, for all federal elections regardless of outcome, state and local governments would be required to conduct audits comparing digital ballots to a random selection of paper ballots. The latter policy would cover the 22 states that currently don’t require audits following elections. “Leaving the fate of America’s democracy up to hackable election machines is like leaving your front door open, unlocked and putting up a sign that says ‘out of town.’ It’s not a question of if bad guys get in, it’s just a question of when,” Oregon Senator Ron Wyden said in a statement accompanying the bill. Voting integrity is one of Wyden’s pet issues and the senator has pressed for his home state of Oregon’s vote-by-mail system to be adopted nationally. Wyden is joined by Democratic Senators Kirsten Gillibrand, Ed Markey, Jeff Merkley, Patty Murray and Elizabeth Warren on the legislation. Congressman Earl Blumenauer plans to introduce a corresponding bill in the house. “We know that Russia hacked into American voter systems to influence our election – and we know they’ll try to do it again,” Sen. Warren said. “Our national security experts have warned us that the country’s election infrastructure is vulnerable – this bill will take important steps to help secure it.” While the bill isn’t a bipartisan proposal — yet, anyway — these same measures are widely supported by election security experts as well as the Department of Homeland Security and a Senate Intelligence Committee report  offering recommendations for securing the vote from earlier this year. The full text of the bill is embedded below. View this document on Scribd

Read More »

US senator grills CEO over the myth of the hacker-proof voting machine

Enlarge (credit: ES&S ) A US senator is holding the nation's biggest voting machine maker to account following a recent article that reported it has sold equipment that was pre-installed with remote-access software and has advised government customers to install the software on machines that didn't already have it pre-installed. Use of remote-access software in e-voting systems was reported last month by The New York Times Magazine in an article headlined " The Myth of the Hacker-Proof Voting Machine ." The article challenged the oft-repeated assurance that voting machines are generally secured against malicious tampering because they're not connected to the Internet. Exhibit A in the case built by freelance reporter Kim Zetter was an election-management computer used in 2016 by Pennsylvania's Venango County. After voting machines the county bought from Election Systems & Software were suspected of "flipping" votes―meaning screens showed a different vote than the one selected by the voter―officials asked a computer scientist to examine the systems. The scientist ultimately concluded the flipping was the result of a simple calibration error, but during the analysis he found something much more alarming―remote-access software that allowed anyone with the correct password to remotely control the system. Read 5 remaining paragraphs | Comments

Read More »