A number of voting machines used in U.S. elections are easily hackable, a report from DEF CON, one of the world’s largest hacker conventions, found.
The report is based on the Voting Village experiment at July’s DEF CON conference in Las Vegas. Over the course of four days, hackers were invited to explore and tinker with voting machines to expose their vulnerabilities. Hackers with physical access to the systems were able to compromise some of the machines within minutes. Over the course of the experiment, each of the two dozen machines was breached in some way, the report notes.
The findings were presented by a panel of hackers and cybersecurity experts on an Atlantic Council panel on Tuesday, which included DEF CON founder Jeff Moss.
“These machines were pretty easy to hack,” Moss said. “This flies in the face of the narrative that’s been spun by the manufacturers, which is [that] you have to be an insider; you have to have specific knowledge of the technology; random people aren’t going to be able to just approach these machines and hack them.”
The panelists underscored that the voting machines are susceptible to both hardware and software hacks. The DEF CON report cites examples of hackers at Voting Village compromising machines by easily opening supposedly locked panels to expose components like USB ports and critical chipsets.
“Are the voting machines special? No, they’re really not. They’re hardware and software,” said Sherri Ramsay, former director of the NSA/CSS Threat Operation Center.
The first machine to be breached at the conference was the AVS WinVote. A Danish hacker was able to hack into the machine over Wi-Fi and found that he was able to change votes and turn off the machine remotely. The machine, which was in use in Virginia, was decertified in 2014. This model was the only one tested at DEF CON that could be compromised remotely.
“This vulnerability had clearly been in the system since 2003, allowing anyone within 150-300 feet of a polling place complete control of any WinVote machine while it was being used,” the report said.
Another piece of equipment, the Diebold ExpressPoll 5000, was found to still contain 650,000 entries of personal information of voters in Tennessee, security researchers found.
With the AccuVote-TSx, hackers discovered that removing a particular chip immediately disabled the machine, as it is connected to a battery controller.
In the ES&S iVotronic machine, hackers found a security flaw in an accompanying handheld device used by poll workers to open and close the polls. Hackers suspected they could exploit the flaw to change vote totals, the report said.
Given how easily Voting Village hackers found hardware flaws, the panelists said the risk of supply chain vulnerabilities in voting machines is considerable.
“It could be done with an insider just for money,” Ramsay said. “Change the firmware, change the chip process, change the software. An insider can affect huge numbers of chips.”
Many components of the machines used in Voting Village are manufactured abroad, including in China, making them susceptible to tampering by foreign actors.
“This discovery means that a hacker’s point-of-entry into an entire make or model of voting machine could happen well before that voting machine rolls off the production line,” the report says. “With an ability to infiltrate voting infrastructure at any point in the supply chain process, then the ability to synchronize and inflict large-scale damage becomes a real possibility.”
“A device can be hacked at any time during its life and once you have hacked it, it’s a persistent attack and you cannot clean it,” said Harri Hursti, co-founder of Nordic Innovation Labs and one of the Voting Village Organizers. He added that even knowing the origin of a component doesn’t make it safe, since its supply chain could extend beyond its country of origin.
The DEF CON findings come just weeks after the Department of Homeland Security notified 21 states that their election or voter registration systems were targeted by Russian hackers during the 2016 election. The DHS said that these attacks mostly consisted of superficial scans and did not result in election tampering.
Hursti cast doubt on the accuracy of DHS’ assessment.
“The machines don’t have the capability of providing you forensic evidence,” he said. “The fact is it can be done without leaving a trace.”
While some of the machines used in Voting Village were in use for more than a decade, issuing a public report on their vulnerabilities wouldn’t have been allowed a few years ago. A federal copyright law would have prevented DEF CON from buying voting machines for the experiment. Due to a three year-exemption issued in 2015, the convention was able to buy many of the machines on eBay.
Moss expressed frustration at how restrictive electronics manufacturers, including voting machine makerss, can be when security researchers ask to analyze the security of their devices.
“When these industries first come into contact with hackers and people who are giving an honest opinion of their technologies, they pull back and hide for a while,” Moss said. “We’re just going to tell you what we find. If you do a good job we’re going to tell you that’s awesome. And if you’re doing a poor job we’re going to say ‘Hey, please fix that.’ And the best part is it’s free.”
Moss said he hopes DEF CON can conduct a more robust version of Voting Village in the future, comprising a complete simulation of a polling station that includes back end software that tabulates votes and determines a winner.
“There’s never been a test of a complete system. This is mind boggling,” Moss said.
On the panel, former U.S. Ambassador to NATO Douglas Lute stressed that election hacking ought to be considered a national security issue.
“You don’t need to attack American with planes and ships and tanks. You can undermine democracy from the inside,” he said. “This is a national security issue because others watched. Others were observing what happened in 2016. If Russia can attack our elections, so can others.”
“For over 40 years … I didn’t question the sanctity of my vote,” Ambassador Lute said. “I don’t feel that way anymore.”