|It only takes $26 to hack a voting machine
Researchers demonstrated three different types of attacks
MSNBC | September 28, 2011
Campaigning for the 2012 presidential race has already begun, but what the candidates don't know is that come election day, hackers could be the ones whose votes have the biggest impact.
Researchers from the Argonne National Laboratory in Illinois have developed a hack that, for about $26 and an 8th-grade science education, can remotely manipulate the electronic voting machines used by millions of voters all across the U.S.
The researchers, Salon reported, performed their proof-of-concept hack on a Diebold Accuvote TS electronic voting machine, a type of touchscreen Direct Recording Electronic (DRE) voting system that is widely used for government elections.
(Diebold's voting-machine business is now owned by the Denver-based Dominion Voting Systems, whose e-voting machines are used in about 22 states.)
In a video, Roger Johnston and Jon Warner from Argonne National Laboratory's Vulnerability Assessment Team demonstrate three different ways an attacker could tamper with, and remotely take full control, of the e-voting machine simply by attaching what they call a piece of "alien electronics" into the machine's circuit board.
The electronic hacking tool consists of a $1.29 microprocessor and a circuit board that costs about $8. Together with the $15 remote control, which enabled the researchers to modify votes from up to a half-mile away, the whole hack runs about $26.
Two of the takeovers show the researchers controlling the buttons on the keypad despite what the "real" voter enters. But in what Warner called "probably the most relevant attack for vote tampering," the researchers were able to blank the e-voting machine's screen for a split-second after the "vote now" button was pressed. While the screen went dark, they remotely entered their own numbers into the DRE's keypad.
Johnston explained in the video: "When the voter hits the 'vote now' button to register his votes, we can blank the screen and then go back and vote differently and the voter will be unaware that this has happened."
Johnston and Warner say that the ease with which this type of remote hack could be deployed highlights the need for e-voting machines to be designed better, with not just cybersecurity, but physical security in mind.
"Spend an extra four bucks and get a better lock," Johnston said. "You don't have to have state-of-the-art security, but you can do some things were it takes at least a little bit of skill to get in."