Hacking Electronic Voting Machines via Man-in-the-Middle Attacks
With election day fast approaching in many states, researchers from the Vulnerability Assessment Team (VAT) at Argonne National Laboratories have produced a video (embedded below) that demonstrates “simple, non-cyber, man-in-the-middle attacks” on the Diebold Accuvote TS electronic voting machine. Using parts that cost $10, researchers Roger Johnston and Jon Warner inserted custom hardware into the Diebold AccuVote TS that could read the touchscreen vote as well as alter the stored information. Changing electronic votes is not new. What’s novel is that with an additional $16 remote control, the team was able to perform a man-in-the-middle attack from up to a half mile away.
Previously the same team, described on their site as “a multi-disciplinary team of physicists, engineers, hackers, and social scientists,” demonstrated similar flaws on Sequoia Voting Solutions machines.
After the contentious 2000 presidential election, various elections commissions studied the problems in counting the final vote in several states. In December 2005, the US Election Assistance Commission adopted what are known as the Voluntary Voting System Guidelines (VVSG). These guidelines sought to establish a minimum security standard for voting systems including electronic voting systems. The VVSG took effect in 2007.
Apparently the word “voluntary” has been taken too liberally as relatively simple hacks are still possible today.
The Diebold AccuVote-TS voting system in particular is no stranger to controversy. In 2004, California Secretary of State Kevin Shelley de-certified the Diebold AccuVote-TS machines after fraud was found in both Alameda and San Diego Counties. In 2007, the new California Secretary of State, Debra Bowen, commissioned “red team” researchers for a “Top to Bottom” evaluation of all the voting machines in her state—including optical scanners and punch cards. Companies included in that survey wee Diebold Election Systems, Hart InterCivic, Sequoia Voting Systems and Elections Systems and Software, Inc. In the end, all units—including the AccuVote-TS–were found not to meet the VVSG, were vulnerable to attack, and were de-certified from continued use until the known issues were resolved.
Even if a given voting machine is certified at the election office, voting machines are often shipped to the polling stations several days in advance of an election. It is in this period of time–when the machines are outside the election office, stored in schools, libraries, and even homes–that tampering may occur. Certainly $26 would be a trivial amount to a desperate campaign.
Previously Princeton researcher J. Alex Halderman and others have shown how easy it is to open electronic voting machines such as the Diebold AccuVote TS. In some cases researchers have found the physical key was generic across all the different machines—in some cases, you could order them online. And there was a whole traning session at the this year’s Black Hat in Las Vegas dedicated to removing tamper-proof seals so as not void the warranty.
This is a sorry state. In the decade since the 2000 presidential elections, voting technology has not aggressively pursued security. Much of the controversy has focused on the requirement of paper receipts: advocates say it guards against vote tampering, and opponents claim privacy violations. The researchers at Argonne National Laboratory remind us that more basic concerns—interrupting the circuitry—remains a concern, with or without paper receipts.
Note: In 2006, Diebold changed its voting systems to Premiere Election Solutions and in September 2009, that Premiere subsidiary was sold to Election Systems and Software, which now markets the AccuVote product line.
Related Reading: Hacking Internet Connected HDTVs