Latest in Gear

Image credit:

DefCon event shows how easy it is to hack voting systems

Officials need to rethink their use of digital voting systems.
Jon Fingas, @jonfingas
October 10, 2017
Share
Tweet
Share

Sponsored Links

Reuters/Steve Marcus

It's no secret that it's possible to hack voting systems. But how easy is it, really? Entirely too easy, if you ask researchers at this year's DefCon. They've posted a report detailing how voting machines from numerous vendors held up at the security conference, and... it's not good. Every device in DefCon's "Voting Machine Hacking Village" was compromised in some way, whether it was by exploiting network vulnerabilities or simple physical access.

Multiple systems ran on ancient software (the Sequoia AVC Edge uses an operating system from 1989) with few if any checks to make sure they were running legitimate code. Meanwhile, unprotected USB ports and other physical vulnerabilities were a common sight -- a conference hacker reckoned that it would take just 15 seconds of hands-on time to wreak havoc with a keyboard and a USB stick. And whether or not researchers had direct access, they didn't need any familiarity with the voting systems to discover hacks within hours, if not "tens of minutes."

The report writers reach a few conclusions. To begin with, it's clear that dedicated hackers would have no trouble getting in -- if neophytes can hack a system after a brief learning curve, it'd be a walk in the park for state-sponsored hackers. They also warn that foreign components or software could add to the risk by giving ne'er-do-wells a chance to slip in malware that compromises an entire platform. And crucially, politicians, non-government groups and other experts should be involved to make sure that voting system security is treated seriously.

The question is, will the right people listen? It's hard to say. Key US officials did visit the voting machine village, including Homeland Security officials and Congress members like Rep. Jim Langevin and Rep. Will Hurd. And some states are already aware of security risks: Virginia is replacing one of the machines hacked at DefCon. The problem is that many politicians not only didn't attend, but are sometimes clueless about security. A truly comprehensive fix would involve a major, nationwide rethink of election security practices, and that may not happen so long as many of those in power don't take the problem seriously.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

Suspected ransomware attack hits one of the largest hospital networks in the US

Suspected ransomware attack hits one of the largest hospital networks in the US

View
Xbox Series X first look: Fast, powerful and quiet

Xbox Series X first look: Fast, powerful and quiet

View
Early Prime Day deal drops 3rd-gen Echo Dot to $20 (when you buy two)

Early Prime Day deal drops 3rd-gen Echo Dot to $20 (when you buy two)

View
Apple Watch SE review: An excellent starter smartwatch

Apple Watch SE review: An excellent starter smartwatch

View
Dell updated its 13-inch XPS laptops with 11th-gen Intel CPUs

Dell updated its 13-inch XPS laptops with 11th-gen Intel CPUs

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr