October 1, 2011
Electronic Voting Machines Are Unsafe From Hackers
Computer scientists have demonstrated a way that hackers can use off-the-shelf hardware to tamper with electronic voting machines.
The Diebold AccuVote TS electronic voting machine will be used to cast ballots for the 2012 presidential elections.
A hacker could insert a small circuit board between the components connecting the touch screen of the device to its microprocessor.
The $10.50 card then controls the information flowing into the machine's internal processor, which allows attackers to change votes with almost no visible sign of what is taking place.
Researchers from the Vulnerability Assessment Team at the Argonne National Laboratory in Illinois showed how the card could be used to kill the power to the voting machine's touch screen to temporarily block out what is displayed so voters cannot see their choices being modified.
Another $15 of hardware could allow hackers to remotely tamper with machines from distances as far away as a half mile.
The researchers said anyone with an eight-grade education could construct the cards using standard tools and off-the-shelf components.
“This is an attack that requires less skill, so you don't have to have people hacking the software,” David Dill, a Stanford University computer science professor and a critic of electronic voting machines, said in a statement.
“On the other hand, this does involve messing with a lot of individual machines, so it might be a little harder to change very large numbers of votes without getting caught.”
The researchers said they have even found a more powerful attack against the Sequoia Advantage AVC, which is a competing electronic voting machine.
They said the hack on the Sequoia allows "bidirectional" control of the machine.
The researchers said they believe their attack will work on a wide variety of electronic voting machines.
“There are a million ways to hack these machines, and there are a million ways these machines can just make mistakes because they have software bugs in them,” Dill said in a statement. “You have no way of checking independently of any computer whether the vote was accurately recorded and counted.”
On the Net: