With Donald Trump already talking about the presidential election being rigged, Symantec has set up a simulated voting station that shows how electronic systems might be hacked to alter actual vote tallies for just a few hundred dollars.
+More on Network World: Was Trump bitten by Twitter time-stamp bug that stung Alec Baldwin’s wife?+
They found that while it’s possible to change the number of votes cast for each candidate, it would be very difficult to do so on a large enough scale to swing the election one way or the other.
However, enough machines in random precincts could be provably compromised so that general public confidence in the official outcome would be undermined, says Samir Kapuria, Symantec’s senior vice president for cyber security.
Using a voting-machine simulator that contains an aggregate of known vulnerabilities from real-world voting machines and some that Symantec found itself, Kapuria demonstrated several ways attackers could taint voting results.
Symantec researcher Brian Varner says U.S. representatives and senators have contacted him to learn about the vulnerabilities and exploits with the goal of figuring out how to better secure the voting.
+More on Network World: Hack the vote: How attackers could meddle in November’s elections+
Varner says standards are needed for computerized voting systems sold in the U.S. in order to beef up security. ATMs, which are analogous to voting machines, have such standards because they serve a single industry that built consensus around them.
A range of exploits could leave electronic voting open to a range of exploits from a lack of encryption to Wi-Fi connectivity and the physical integrity of the devices, he says.
It’s a difficult problem, though, because elections are set up by individual states that don’t necessarily want to give up authority over what systems they use. This summer, the secretary of state in Georgia turned down a Department of Homeland Security offer to help secure its voting system saying it was a federal power grab.
Other security experts are concerned as well. Bruce Schneier, for one, has written urgently for action before this fall’s election.
“But while computer security experts like me have sounded the alarm for many years, states have largely ignored the threat, and the machine manufacturers have thrown up enough obfuscating babble that election officials are largely mollified,” he writes.
“We no longer have time for that. We must ignore the machine manufacturers’ spurious claims of security, create tiger teams to test the machines’ and systems’ resistance to attack, drastically increase their cyber-defenses and take them offline if we can’t guarantee their security online.”
Symantec’s research supports his worries. In addition to being a relatively inexpensive undertaking – just several hundred dollars, Kapuria says – hacking the voting system isn’t that difficult. Varner says it would take someone with a lot of focus and a skill set of seven out of 10, with one being a person who carries out compromises by Googling instructions and blindly following them.
Kapuria says attacks can accomplish three things. First, the actual vote count could be altered, but probably not on a scale to alter the outcome. Second, compromising a smattering of machines could create chaos among the electorate by casting doubt on results. And third, contaminated East Coast election results reported to news outlets could alter on a large scale whether and for whom West Coast voters cast ballots.
Varner bought an actual voting machine on an online auction site for less than $200, including shipping, using his own name and having it mailed to his home without identifying himself as a Symantec employee. That was to show that an average person with not tech security connections could buy one.
He bought commercially available reprogramming devices for $15 that let him reset the chips embedded in voter ID cards so one person could vote more than once. It could also permanently alter the chips so that when voting officials reprogrammed them to be used by other voters, they would register with the voting machine as if the same person voted over and over again.
A chip card manufacturer told him it could print them with whatever design he wanted on them, including official state seals, so it would be possible to substitute real ones with ones made by attackers but that looked similar.
Varner says voting machines use storage devices – essentially USB sticks – that perform two legitimate functions: uploading the ballots voters see on the screens and downloading the actual votes cast in the machines. These devices are plugged into each machine then manually connected to tallying devices to tote up the votes cast at all the polling places in a county, for example.
He was able to buy one and compromise it, which means an attacker could alter the ballot or have the machine count a vote for Candidate A when the voter actually pressed the button for Candidate B. The data on the storage devices was not encrypted.
Also, since the device is handled by a person between the voting machine and the tally device, it could be compromised or altered in any number of ways en route between the devices, he says. Voting machines in some states don’t print out paper tallies, so there is no way to check whether the tally recorded by individual voting machines matches the number of votes reported to the tallying device. “There’s no way to do a recount,” he says.
Some say that voting machines are not connected to the internet, but he found that some voting machines are Wi-Fi enabled so that they could be connected to the internet by an attacker. Even if they don’t have Wi-Fi, the votes could be compromised by an ambitious hacker if an upstream device, such as the tallying server, can be connected to the internet, Varner says.
He says tallying computers ran Windows operating systems earlier than Windows 7 and their user manuals included instructions for networking them. That presents the possibility of hacking them remotely if the network they are attached to connect to the internet, he says.
Physical security for the machine he bought was weak. A proprietary screw head was used on screws that secured the casing so it could not be opened except by an official with a proprietary screw driver. He found one at Lowe’s that worked. That means a poll volunteer with access to machines could open them up to access their memory without leaving a trace, he says.
He did that with the machine he bought online and found it still held results from one of the last two presidential elections, including write-ins that he was able to read on his Mac as if the machine’s memory were just another drive.