Report: E-Voting Systems Hackable
Researchers at the University of California were able to hack into all of the electronic voting systems they tested, finding multiple security weaknesses that could allow hackers to break into and modify the systems, alter polling results, or interfere with the proper functioning of the machines, according to a report released Friday.
The study was commissioned by California Secretary of State Debra Bowen, who will decide later this week whether to certify the devices for use in the Feb. 2008 presidential primaries.
The UC team, led by computer science professor Matt Bishop, examined systems made by Diebold Election Systems Inc., Hart InterCivic Inc. and Sequoia Voting Systems Inc. In all, the research team found more than a dozen physical- and software-based vulnerabilities in the systems.
Among the most common weaknesses the team found in nearly all of the systems was the ability to insert removable media - such as USB sticks or other cards used to initialize the systems - that could silently modify the systems at a fundamental level. By outfitting such a device with a Trojan horse program and dropping it into the pool of media used to start up the voting software, hackers could change vote totals or render the machines useless, the researchers found.
Some of the weaknesses resulted from the fact that all three vendors' systems run on top of Microsoft Windows, and several versions of the systems tested were not fully loaded with the latest security updates. In fact, both Hart and Sequoia let customers choose the version of Windows on which to run the systems. Sequoia's own documentation even recommends Windows 98 and Windows ME, two operating systems that are no longer supported by security updates from Microsoft.
On the Diebold systems, the testers were able to exploit Windows flaws to bypass the device's security system and access the polling data directly. With that level of access, the team was able to load wireless drivers into the system that could then be used to access a wireless device secretly plugged into the back of the machine. Researchers also found an undocumented, remotely-accessible Windows user account that can be accessed without a password.
Almost all of the systems also lacked adequate seals that would prevent an attacker from opening the systems and tampering with internal hardware and software, the testers said.
The report notes that the team may have missed a number of other key vulnerabilities due to time constraints of their testing. While the testing began in June, many important documents promised by the vendors weren't shared until a week before the group wrapped up its study. One vendor, Election Systems & Software Inc., was so late in providing the necessary documentation for the tests that it could not be evaluated.
Still, the researchers were careful to point out that many - but hardly all - of the flaws they found could be mitigated by improved physical security at the polling places and by attentive poll workers.
In a written statement, Diebold seized on that fact, saying that the presence of an experienced election official could help foil many of the attack scenarios outlined by the team.
"We were disappointed that California laws and regulations regarding the use of voting systems were not applied to the tests," the company said. "All voting systems in a laboratory environment are vulnerable, including touch screen systems, paper-based optical scan systems and the older lever and punch card technology that they replaced. This is why California and other states and voting jurisdictions have security procedures and protocols covering everything from equipment storage requirements to logic and accuracy testing on Election Day. The software tested in the laboratory is one part of a multi-layered security approach."
Sequoia blasted the report, saying in a statement that "This was not a security risk evaluation but an unrealistic worst case scenario evaluation limited to malicious tests, studies and analysis performed in a laboratory environment by computer security experts with unfettered access to the machines and software over several weeks."
Hart Intercivic's public response did not directly address the report's findings, but similarly highlighted the importance of security process at polling stations.
In a public hearing on the report held today, Secretary Bowen declined to react to the particulars of the report, saying she would carefully consider the findings before making her decision on Friday.
The comments to this entry are closed.