How Hard Is it to Hack a Voting Machine? DEF CON Hackers Prove: Not Very
This weekend, tens of thousands of hackers gathered at Caesar’s Palace in Las Vegas for DEF CON, the annual hacker convention. This year’s convention introduced a timely challenge for attendees. About two dozen electronic voting machines were set up, inviting hackers to see just how difficult they are to infiltrate. The answer: not very.
Every single e-vote machine at @Defcon got hacked in < 2.5 days (some in minutes) to hackers without inside or domain-specific knowledge.
— Pwn ██ ██ ███ 1.4(C) – Pro Se Tweets (@pwnallthethings) July 31, 2017
Some of the systems were terrifyingly easy to hack, and luckily, many of those are no longer in use in American elections. But the fact that this group got into every single machine in a matter of minutes to days, serves as clear proof that our elections are incredibly vulnerable.
Horrifyingly, some were hacked wirelessly (ie no physical access). Many hadn't had OS or basic software patches in over a decade.
— Pwn ██ ██ ███ 1.4(C) – Pro Se Tweets (@pwnallthethings) July 31, 2017
#VotingVillage is mostly teenagers who've never seen a voting machine (much less voted) & cracking in 100 min – what can Russian hackers do? https://t.co/mVWsvgBN9z
— Phil Stupak (@PStupak) July 29, 2017
Not only were the systems themselves able to be hacked, but there seems to be a huge amount of careless human error in how these machines, and the sensitive information they hold, are handled.
Others had been sold off after use, but hadn't been wiped; still had voter data on them. Didn't hear of any with any credible audit trail.
— Pwn ██ ██ ███ 1.4(C) – Pro Se Tweets (@pwnallthethings) July 31, 2017
Default passwords man. Default passwords. #votingvillage
— Joshua M Franklin (@thejoshpit) July 30, 2017
The convention also hosted a number of talks on the subject of voting system security. Because at this point, the only person who doesn’t think we need increased security, and the only person who still flat-out refuses to admit Russia could have had any influence whatsoever in the last election, is Donald Trump. Trump has been pushing more and more hackers to use their powers for political good since before the election. After he called on Russia to hack and publish Hillary Clinton’s emails last summer, the group Hackers for Hillary saw a huge increase in participation.
Co-creator of that group and founder of DEF CON said back then, “I don’t know how you can influence policy makers and have a seat at the table if you don’t participate. We can either get involved in policy or policy can be done to us. We can either embrace it or be passive about it, but it’s going to happen one way or the other.”
Campaign interference and election tampering aren’t new phenomena, but with Trump speaking, even bragging, so publicly about possibly enlisting Russian help to cheat the election (AND THEN WINNING* ANYWAY), there’s unprecedented public attention on the issue. And that’s essential to fixing this broken system. Leading up to the convention, the LA Times reported that Los Angeles County would be sending specialists to DEF CON to learn from the hackers and even enlist their help in developing a new voting system for the county.
The event’s co-organizer, Matt Blaze, told Forbes, “We want to make the problems public, so they can be fixed, so the public will know what the problems are and will be able to demand their systems be improved. Anything that helps informs the public qualifies as good faith here. “The stakeholders for voting machines are everyone in the country. So it’s important the problems get fixed.”
(via Twitter, image: Shutterstock)
Want more stories like this? Become a subscriber and support the site!
—The Mary Sue has a strict comment policy that forbids, but is not limited to, personal insults toward anyone, hate speech, and trolling.—
Have a tip we should know? [email protected]