Tuesday, September 9, 2008

Hack the Vote

Remember the hanging chads? There were months of huffing an puffing in Congress, and then a consensus emerged: Electronic Voting Machines will prevent this from happening again.

The security team at the University of California, Santa Barbara says to be careful what you wish for. They have a video showing how a virus-like malware program can take over an electronic voting machine, and change the electronic results, even without changing the printed copy. A smart attacker can get the result into the sweet spot - not so close that anyone would ask for a recount, but not so far from the actual votes that someone smells a rat.
While most critical systems are continuously scrutinized and evaluated for safety and correctness, electronic voting systems are not subject to the same level of scrutiny. A number of recent studies have shown that most (if not all) of the electronic voting systems being used today are fatally flawed, and that their quality does not match the importance of the task that they are supposed to carry out.
Most e-Voting systems are "closed" systems - they use proprietary software. Unlike Open Source products like Linux or the Apache web server, you can't look at or analyze the code. There seem to be a rash of security issues around e-Voting systems that make their robustness to tampering highly suspect.

As always, XKCD sums it up:

H/t Slashdot.

No comments: