Hang your head, Sequoia e-voting machine; you've been hacked again
Oh, Princeton University, won't you leave the poor electronic voting machines alone? Haven't they suffered enough without you forming teams with researchers from the University of California, San Diego and the University of Michigan to spread their private moments even further asunder? That group of brainiacs came together to devise a new, even easier hack that allows someone with no special access to take complete control of a Sequoia AVC Advantage voting machine -- an example of which the team purchased legally at a government auction. The machine does not allow modifications to its ROM (because it has an O in the middle), but the team was able to use a technique called return-oriented programming to modify how the machine executes existing code, taking the bits they want and, ultimately, devising a way to re-program its behavior by simply inserting a cartridge into a slot -- presumably after blowing on it for good luck. The hack only works until the machine is powered off, but the attack even foils that, intercepting the switch signal and making the system only appear to power down. Today's top tip for electronic voting polling stations: unplug your boxes overnight.
[Via Digg]