Last weekend, hackers and researchers attending the Defcon security conference in Las Vegas weren’t surprised to find out how vulnerable electronic voting machines are to hacking when they tested their security defenses. But it was a wake-up call to several dozen election officials visiting the event, who used the occasion to get some valuable advice to better prepare them for upcoming elections in 2018 and 2020 amid widespread concerns over Russian hacking of voting systems.
How vulnerable were some of the machines? “Just to give you an example, the first successful hack was 90 minutes into the day on Friday,” Joseph Hall, chief technologist of the Center for Democracy and Technology, tells Fast Company.
To be fair, the machine hacked first was a device called the WinVote, made by now-defunct Advanced Voting Systems. It was dubbed “the worst voting machine in America” in a 2015 Slate article, around the time it lost its certification for use in Virginia elections. (It’s now believed to be out of use.) Within a few hours, researchers had managed to “Rick Roll” conference attendees with the machine, manipulating it into playing Rick Astley’s “Never Gonna Give You Up” video. But other machines didn’t fare much better.
“Every single one of them had some sort of weakness,” Hall says.
The organizers of what they called the Defcon Voting Village bought about 30 voting machines, of roughly four different types, through eBay and government surplus sale sites like GovDeals. While researchers have for over a decade been warning of flaws in electronic voting machines that could let hackers disable them during elections or even tamper with vote totals, organizers say the event marks perhaps the first time that the security community at large was invited to tinker with the machines. Security researchers were even permitted to disassemble the machines to examine their hardware or dump data from onboard microchips. And, argues Defcon founder Jeff Moss, they effectively debunked claims from voting machine makers that flaws in the devices were only vulnerable to attacks from experts who’ve extensively studied the equipment.
“It turns out that people who have never seen these machines before were able to compromise them in a couple of hours,” Moss says. “They also got some novel results—some new things researchers had never even considered or knew were possible.”
Some devices had exposed USB ports that let hackers surreptitiously install software or even connect keyboards to them, and one even had a built-in SD memory card that wasn’t mentioned in any of its documentation, meaning officials wouldn’t even know to monitor it for tampering, he says. One device used to store lists of eligible voters apparently hadn’t been properly erased before being sold as surplus, meaning it still had personal information like names and addresses for hundreds of thousands of voters. Moss says the organizers are working with the county where the machine was used to handle the potential data breach appropriately.
Some machines had internal components protected by nothing more than the locks typically used to secure hotel minibars.
“It’s very easy to pick those locks,” Hall says.
And more flaws may be discovered as attendees continue to study their findings and data from the weekend.
Until fairly recently, voting security researchers were hamstrung by the Digital Millennium Copyright Act, the 1998 federal law designed to make it illegal to circumvent anti-piracy protections on media like DVDs. Makers of digital voting equipment argued the law prevented security experts from exploring the workings of the machines, and that remained the case until 2015, when researchers were granted an exemption through a procedure in the law.
“Without having that change in interpretation of the law, this Village would not have been possible,” says Harri Hursti, cofounder of Nordic Innovation Labs and one of the organizers of the Village.
But many of the voting machines now in use date back more than a decade, from when Congress allocated more than $3 billion to help state and local election agencies replace old mechanical voting equipment in the wake of the “hanging chad” issues of the 2000 presidential election. Many of the machines bought then now face not only security problems but also increasingly expensive maintenance of their aging components, yet it can be difficult for election officials to find the funds to replace them.
“The standards have been improving, and the stuff you can buy on the market right now is much better than it was the last decade,” says Hall. “Unfortunately, a lot of what’s out there is stuff that was available then.”
Some local officials came to the Voting Village to get a better understanding of exactly what the flaws are in their own election equipment—and how they can help prevent tampering in an actual election.
“A lot of these county commissioners were really desperate to learn anything on these machines, because all they have to go by is marketing material,” Moss says.
For example, officials whose machines have exposed USB ports might establish ways to keep those ports securely covered during an election. But ideally, many researchers say, elections should move away from digital touch screens and voting records and back to an older technology: paper. Paper ballots can still be scanned by electronic equipment to avoid human error or malfeasance, but they create a physical audit trail that purely digital ballots lack, especially if they’re sealed post-election and protected by strict chain-of-custody procedures.
“Without that paper trail, you’re kind of left in the dark, not knowing how do you actually audit the votes,” says Jay Kaplan, cofounder and CEO of Bay Area security firm Synack.
The organizers of the Voting Village say they hope the publicity will spur more jurisdictions to upgrade their voting equipment and procedures. They also hope to have a more extensive Village at next year’s Defcon, complete with entire networks of voting machines, tabulating machines, and the other equipment used behind the scenes in an actual election.
“There’s never been an actual security test of an actual voting network,” Moss says. “Never has there been a complete system tested, which is crazy, because that’s how you deploy these things: as a complete system.”