Hacker Rigs Electronic Voting Machine with $30 Worth of Parts From Radio Shack
Today's Presidential election figures to be an extremely tight race between Barack Obama and Mitt Romney, and whoever wins -- Mitt Romney, according to AVAST Software's mega-poll -- will likely claim victory by a small margin. But will it be an honest election?
We're not making a facetious statement about politics. What has us worried is an article in Popular Science that reveals just how incredibly easy and inexpensive it is to rig a voting machine. Let's backtrack a moment.
Roger Johnston, head of the Vulnerability Assessment Team at Argonne National Laboratory, recently led a team of security researchers on a demonstration that involved hacking electronic voting machines. He wanted to show how easy it is to steal votes, and though he was successful in his demonstration, some of those very machines will be used in today's election. Millions of them, in fact.
Johnston explained to Popular Science how he and his team managed to rig voting machines, referring to his method as a man-in-the-middle attack. What he did was implant a logic analyzer into the machines, which allowed him to spy on and manipulate the digital communication between the voter and electronic device.
"So we listened to the communications going on between the voter, who in the case of one machine is pushing buttons (it’s a push-button voting machine) and in the other is touching things on a touchscreen. Then we listened to the communication going on between the smarts of the machine and the voter," Johnston explains.
Using that information, Johnston could choose to let a communication pass through if the voter pushed a button corresponding to the candidate he wants to win, or he could tamper with it and change their vote. According to Johnston, most voting machines aren't encrypted, so it's simply a matter of figuring out the information being exchanged.
As for cost, the device he implanted in the touchscreen machine runs about $10 retail. There's also a $26 deluxe version that allows a person to remotely control the machine from a half mile away. All of the parts needed can be found at RadioShack, Johnston says.
"The attacks require physical access. This is easy for insiders, who program the machines for an election or install them," Johnston explains. "And we would argue it’s typically not that hard for outsiders. A lot of voting machines are sitting around in the church basement, the elementary school gymnasium or hallway, unattended for a week or two before the election."
We're not making a facetious statement about politics. What has us worried is an article in Popular Science that reveals just how incredibly easy and inexpensive it is to rig a voting machine. Let's backtrack a moment.
Roger Johnston, head of the Vulnerability Assessment Team at Argonne National Laboratory, recently led a team of security researchers on a demonstration that involved hacking electronic voting machines. He wanted to show how easy it is to steal votes, and though he was successful in his demonstration, some of those very machines will be used in today's election. Millions of them, in fact.
Johnston explained to Popular Science how he and his team managed to rig voting machines, referring to his method as a man-in-the-middle attack. What he did was implant a logic analyzer into the machines, which allowed him to spy on and manipulate the digital communication between the voter and electronic device.
"So we listened to the communications going on between the voter, who in the case of one machine is pushing buttons (it’s a push-button voting machine) and in the other is touching things on a touchscreen. Then we listened to the communication going on between the smarts of the machine and the voter," Johnston explains.
Using that information, Johnston could choose to let a communication pass through if the voter pushed a button corresponding to the candidate he wants to win, or he could tamper with it and change their vote. According to Johnston, most voting machines aren't encrypted, so it's simply a matter of figuring out the information being exchanged.
As for cost, the device he implanted in the touchscreen machine runs about $10 retail. There's also a $26 deluxe version that allows a person to remotely control the machine from a half mile away. All of the parts needed can be found at RadioShack, Johnston says.
"The attacks require physical access. This is easy for insiders, who program the machines for an election or install them," Johnston explains. "And we would argue it’s typically not that hard for outsiders. A lot of voting machines are sitting around in the church basement, the elementary school gymnasium or hallway, unattended for a week or two before the election."
