ES&S e-voting machine fails epically at withstanding hackers
by Darren Murph 
posted Dec 7th 2007 at 3:28PM
We're going out on a limb here and assuming that precisely no one is surprised, but yes, another e-voting machine has proven totally incapable of resisting even the most unsophisticated of hacks. Not long after California Secretary of State Debra Bowen okayed the use of systems that failed prior security audits provided they make a few last minute attempts to appear invulnerable, a security penetration team revealed that an ES&S test system was no better than the rest. Reportedly, Red Team researchers were able to circumvent physical blocks with little effort, and they were even able to access internal files by making a quick and dirty change to the BIOS and booting it up with an external memory device. Needless to say, this deceased horse has been bludgeoned quite enough, but if you're interested in seeing a dozen pages of epic failure, the read link has got you covered. [Warning: PDF read link][Via ArsTechnica, image courtesy of USA Today]
Filed under: Misc. Gadgets
Reader Comments (Page 1 of 1)
rumblerjon @ Dec 7th 2007 3:35PM
I' quite like to walk into a voting booth and play doom.
Tommy @ Dec 7th 2007 3:50PM
Does any one else see an electronic version of the "hanging chad" election controversy in our near future?
Justin @ Dec 7th 2007 3:53PM
Not to mention these things don't have a paper trail. It's a nightmare waiting to happen, but only if people care and pay enough attention to notice. I'm not sold on the idea that they will.
Brian McBride @ Dec 7th 2007 3:59PM
What type of people are they hiring to make secure voting machines?
I have a feeling that a large percentage of the Engadget audience could make a secure machine that could not be hacked so easily.
But then, the government has to have security holes, that way when it invalidates your votes it can blame it on something other than their evil plans.
Chuckles McGee @ Dec 7th 2007 4:10PM
Yeah, anything can be hacked, but if you have something secure enough, you'd hope it would at least take more than an election day to bypass.
Some sort of physical memory self-destruct might be useful to prevent rigged firmware/device tampering.
Brian McBride @ Dec 7th 2007 4:27PM
Also, I was thinking - what about physical security? Like the voting machines housed in a tamper resistant case so you cannot just connect an external drive? Something to where if the housing is opened the machine dies until a proper code is re-entered, similar to a car radio these days.
So many possibilities.
ethana2 @ Dec 7th 2007 7:00PM
If they were as careful with our votes as they are with implementing DRM schemes and locking down CDMA phones, we'd be all set.
...idiots.
BOB @ Dec 7th 2007 4:24PM
@Justin
Already happened this year in Florida. Sarasota had a contested election with thousands of problem votes and a margin of 'victory' of less than 400 votes.
http://www.heraldtribune.com/apps/pbcs.dll/section?CATEGORY=NEWS0521&template=ovr2
Captain Obvious @ Dec 7th 2007 4:25PM
Why can't everyone just adopt the Oregon (and I think other states) method and use vote-by-mail? No controversies since implemented several years ago, no having to man the booths, and the voting rate has gone up.
Bill Dorr @ Dec 7th 2007 6:12PM
YES. I love my Oregon so much, and this is one reason why.
Rey @ Dec 7th 2007 4:48PM
Electronic voting machines should be outlawed.
ethana2 @ Dec 7th 2007 6:59PM
We're really flexing our brain muscles today!
Rev. Matt oxley @ Dec 7th 2007 4:59PM
oooh ooh
vote by internets!!!
nevermind
anyway, i can see this killing Ron Paul in the end...so that sucks
ethana2 @ Dec 7th 2007 6:54PM
Direct meritocratic omniarchy is what I'm going for. Until we get that far, vote Ron Paul.
James @ Dec 10th 2007 8:46PM
So you think this would kill the Ron Paul campaign before, you know, the fact that he's a raving lunatic?
fnc @ Dec 7th 2007 4:55PM
I kind of hope some mirthful hackers are able to exploit enough machines to allow "Foofie" or "Fnarf" or some other non-candidate to win an election. That'd get people's attention. Maybe.
rzlmlchm009 @ Dec 7th 2007 6:13PM
come on fhwgads, fhwgads FTW!!!
ethana2 @ Dec 7th 2007 6:51PM
You spelled it wrong.
...and don't waste your vote.
Nubaeus @ Dec 7th 2007 5:23PM
Spellcheck in the title anyone?
drsilverworm @ Dec 7th 2007 6:12PM
Epically is a word entirely different from especially