ES&S e-voting machine fails epically at withstanding hackers
By Darren Murph 
posted Dec 7th 2007 3:28PM
posted Dec 7th 2007 3:28PM
We're going out on a limb here and assuming that precisely no one is surprised, but yes, another e-voting machine has proven totally incapable of resisting even the most unsophisticated of hacks. Not long after California Secretary of State Debra Bowen okayed the use of systems that failed prior security audits provided they make a few last minute attempts to appear invulnerable, a security penetration team revealed that an ES&S test system was no better than the rest. Reportedly, Red Team researchers were able to circumvent physical blocks with little effort, and they were even able to access internal files by making a quick and dirty change to the BIOS and booting it up with an external memory device. Needless to say, this deceased horse has been bludgeoned quite enough, but if you're interested in seeing a dozen pages of epic failure, the read link has got you covered. [Warning: PDF read link][Via ArsTechnica, image courtesy of USA Today]
I' quite like to walk into a voting booth and play doom.
Does any one else see an electronic version of the "hanging chad" election controversy in our near future?
Not to mention these things don't have a paper trail. It's a nightmare waiting to happen, but only if people care and pay enough attention to notice. I'm not sold on the idea that they will.
What type of people are they hiring to make secure voting machines?
I have a feeling that a large percentage of the Engadget audience could make a secure machine that could not be hacked so easily.
But then, the government has to have security holes, that way when it invalidates your votes it can blame it on something other than their evil plans.
Yeah, anything can be hacked, but if you have something secure enough, you'd hope it would at least take more than an election day to bypass.
Some sort of physical memory self-destruct might be useful to prevent rigged firmware/device tampering.
Also, I was thinking - what about physical security? Like the voting machines housed in a tamper resistant case so you cannot just connect an external drive? Something to where if the housing is opened the machine dies until a proper code is re-entered, similar to a car radio these days.
So many possibilities.
If they were as careful with our votes as they are with implementing DRM schemes and locking down CDMA phones, we'd be all set.
...idiots.
@Justin
Already happened this year in Florida. Sarasota had a contested election with thousands of problem votes and a margin of 'victory' of less than 400 votes.
http://www.heraldtribune.com/apps/pbcs.dll/section?CATEGORY=NEWS0521&template=ovr2
Why can't everyone just adopt the Oregon (and I think other states) method and use vote-by-mail? No controversies since implemented several years ago, no having to man the booths, and the voting rate has gone up.
YES. I love my Oregon so much, and this is one reason why.
Electronic voting machines should be outlawed.
We're really flexing our brain muscles today!
oooh ooh
vote by internets!!!
nevermind
anyway, i can see this killing Ron Paul in the end...so that sucks
Direct meritocratic omniarchy is what I'm going for. Until we get that far, vote Ron Paul.
So you think this would kill the Ron Paul campaign before, you know, the fact that he's a raving lunatic?
I kind of hope some mirthful hackers are able to exploit enough machines to allow "Foofie" or "Fnarf" or some other non-candidate to win an election. That'd get people's attention. Maybe.
come on fhwgads, fhwgads FTW!!!
You spelled it wrong.
...and don't waste your vote.
Spellcheck in the title anyone?
Epically is a word entirely different from especially