Tuesday, April 28, 2015

Hack the vote

I don't even know what to say about the "security" of this electronic voting system:
The amazing thing is that to find all this, VITA just scratched the surface, and mostly used off-the-shelf open source tools – nothing special. They didn’t have access to source code, or any advanced tools. Or said in other words, anyone within a half mile could have modified every vote, undetected.
So how would someone use these vulnerabilities to change an election?
  1. Take your laptop to a polling place, and sit outside in the parking lot.
  2. Use a free sniffer to capture the traffic, and use that to figure out the WEP password (which VITA did for us).
  3. Connect to the voting machine over WiFi.
  4. If asked for a password, the administrator password is “admin” (VITA provided that).
  5. Download the Microsoft Access database using Windows Explorer.
  6. Use a free tool to extract the hardwired key (“shoup”), which VITA also did for us.
  7. Use Microsoft Access to add, delete, or change any of the votes in the database.
  8. Upload the modified copy of the Microsoft Access database back to the voting machine.
  9. Wait for the election results to be published.
Note that none of the above steps, with the possible exception of figuring out the WEP password, require any technical expertise.  In fact, they’re pretty much things that the average office worker does on a daily basis.
It's getting harder and harder to look at this and not think that the original intent was to rig the elections.

4 comments:

genericviews said...

So the outcomes of the elections will go to whoever rigs last, right before the closing. Like an ebay auction.

Matt W said...

And every time someone modifies the database the poll closing time extends another 5 minutes.

KurtP said...

I knew back in Y2K that the Democrats had something planned to pie future elections...
Because why would they take that long and stupid stand in FLA with AlBore...to prove "something".

I just didn't know what they had in mind -
-until I saw that mandate about computerized voting come down.

Paul Bonneau said...

http://www.theonion.com/video/diebold-accidentally-leaks-results-of-2008-electio,14214/