In response to growing fears that future U.S. elections could be altered by nation-state hackers, DEF CON 25 this year hosted its first-ever Voting Village, where attendees were invited to tinker with election technology and exploit their vulnerabilities.
Within mere hours of opening, members of the hacker community were apparently not only compromising machines with known bugs, but also finding previously undiscovered issues.
“Within the first hour and a half after we opened, people were starting to discover new things about these machines that experts like myself who’ve been looking at these things for 10 years haven’t previously discovered, said Matt Blaze, professor and director of the University of Pennsylvania’s Distributed Systems Lab, one of the Village organizers. “I think that goes to show how important it is to have a really broad range of people, a broad community, looking at this kind of technology if you have any hope of wanting to trust it to do something serious.”
Corroborating Blaze’s account, the “DEFCON Voting Village” Twitter account posted this tweet: “90 min after doors open: Complete remote control on the operating system level of the Winvote voting terminal (including election data).”
Ben Dlin, an intern at Nordic Innovation Labs helping to run the Village, elaborated on this particular compromise, explaining that a hacker was able to access the machine wirelessly. “None of these machines are supposed to have wireless access,” said Dlin, noting that the researcher “had full access to the machine within I’d say almost a half-hour of him sitting down.”
In addition to the Winvote, the Voting Village also featured the Edge, ES7S iVotronic, Diebold TSX, and Diebold Expresspoll 4000 machines. Dlin said that as of approximately 1:30 PST, three-and-a-half hours after the Village had officially opened, “three or four” machines had already been compromised.
As Blaze spoke with SC Media, one group of researchers was looking at a Diebold touchscreen machine. “We set that up and next thing we knew, I turned my head and somebody is trying to take it apart and probing it in various ways. “They’re doing what we’ve been encouraging people to do, which is try to understand what the different interfaces are, reverse engineer as much as they can, and let us know what they find.”
Just as SC Media entered the Village area in the early afternoon, a young female researcher screamed and laughed with glee as she and fellow researchers infiltrated an e-poll book system’s internal database and structures, which house voter registration names.
Another corner of the Village featured back-end systems that one would find in an election office. There, groups of hackers would engage in red and blue team testing, attacking or defending the systems in real time.
Dlin stressed the significance of this myriad activity, noting it is the first time members of the general public have had an opportunity to test this equipment without being legally commissioned by an actual government entity.
Action wasn’t limited to just the Voting Village however. At DEF CON’s Packet Hacking village, researchers were tasked with hacking into a miniature model city by exploiting vulnerabilities in a variety of Internet of Things and smart city technologies that were connected to the model. For instance, hackers could stop the model railroad train from circling the city, or run it in reverse.
“We have an actual, real power meter that would be used in a city within the United States…” said event creator Brian Markus, CEO of Aries Security, who goes by the online handle Riverside. “If you can compromise the power meter, you can shut the grid down on the entire city.”
Meanwhile, at the Car Hacking Village, contestants were hard at work attempting to hack into various auto manufacturers’ vehicular systems, including their CAN bus networks, in a Capture the Flag contest offering a pick-up truck (presumably an unhacked model) as first prize. Challenges include hacking a car’s infotainment system, breaking into the crypto of the car, and transmitting data between car systems. “Once they get to 1,000 points, they unlock access to these vehicles ,where they can walk up to them and start hacking those, which is where the big-point challenges are,” said Jason Haddix, head of trust and security at Bugcrowd, one of the sponsors.