Default root passwords, Italian food, lock picks, inexpensive adapters and the use of very old operating systems were among the many issues found that made the election machines tested at Def Con 26’s Voting Village susceptible to being hacked.
These were the findings of the just issued Def Con 26 Voting Village report whose writers offered up a 12-point plan to help secure U.S. polling. This included several physical changes such as implementing the universal use of paper ballots, updating poll books and better security of the voter infrastructure, particularly voter registration.
In addition, the report recommended more federal funding for the states to help implement the suggested upgrades, more use of outside experts, provide resources and training, share information across the entire voting industry and for the Department of Homeland Security to institute a pre-election threat assessment that would help it bolster its support to state and local entities that require assistance.
Tim Mackey, Technical Evangelist at Synopsys, agreed with the recommendation that the municipalities should look to outside help and follow cybersecurity industry standard practices to ensure the security of voting machines.
This process of continuous improvement needs to apply to electronic election systems used in all democratic nations. In the US, were an agency like the Department of Homeland Security or National Security Agency to be tasked with performing an annual penetration test of all voting systems, and publish the results of those assessments; the voting public would retain confidence in the process while technology providers could improve their systems armed with expert security guidance.
The report is based on work done during Def Con 26 in August when event organizers turned hackers and researchers loose on 30 voting machines that were legally purchased or obtained to see what vulnerabilities could be found.
What was discovered was a laundry list of problems.
The Diebold ExpressPoll-5000, a pollbook designed for pollworkers to check if a voter is permitted to vote in that district, was found to have its root password set to “password” and its admin password was “pasta”. The report stated the passwords were stored in the system in the clear and the root password had most likely never been changed since it was taken into service.
The ES&S M650 is an electronic ballot scanner and tabulator for counting absentee and regular ballots. Its physical security was found wanting when a researcher picked the lock and opened the machine in under a minute. There were several other flaws noted on this device and the report pointed out it depends on outdated and no longer used Zip disks for software updates making it difficult to keep these machines properly patched due to their scarcity.
The AVS WINVote runs on a 2002 version of Windows XP, which is no longer supported by Microsoft and had none of the three service pack updates installed.
A variety of problems were also discovered with the smart cards used in many voting machines, particularly those with an NFC chip. Being NFC-enabled means they can be accessed by a similar device, such as a smartphone equipped with this technology.
“Due to a lack of security mechanisms in the smart card implementation, researchers in the Voting Village demonstrated that it is possible to create a voter activation card, which after activating the election machine to cast a ballot can automatically reset itself and allow a malicious voter to cast a second (or more) unauthorized ballots. Alternatively, an attacker can use his or her mobile phone to reprogram the smart card wirelessly, the report stated.
The Voting Village drew a large crowd of both participants and viewers, many of whom are directly involved in the nation’s electoral system.
Matt Blaze, co-founder of the Voting Village, said, “It’s been incredible, the response we’ve received. We’ve had over 100 election officials come through here and they expressed over and over again how much they have appreciated learning from this opportunity.”
However, the initial response at Def Con by the voting machine manufacturers and states using the devices was not welcoming.
National Association of Secretaries of State (NASS) sent a letter to the Voting Village organizers expressing their displeasure.
“Our main concern with the approach taken by Def Con is that it utilizes a pseudo environment which in no way replicates state election systems, networks or physical security. Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use, does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day,” the NASS stated in its letter.
Harri Hursti, of Nordic Innovation Labs, countered stating at the time the goal of the Voting Village hack is not to do systematic research or testing, but to simply explore and gain information on possible problems with the machine.
“We are doing this in a responsible way,” he added, noting that while a mock election was held as part of the Def Con experience it was in no way supposed to represent a true voting experience.