How security flaws in voting machines could discredit election results
PHILADELPHIA -- For months, Donald Trump, the Republican presidential nominee, has complained loudly and publicly that the election is "rigged."
Trump has warned supporters that rampant voter fraud may cost him, and his voters, the election. One recent poll said Trump has swayed about a quarter of registered voters into believing that it's possible, despite overwhelming evidence showing that voter fraud is "virtually non-existent."
But a series of high profile cyberattacks on voter registration systems in at least 20 states -- and a massive breach this spring of databases used by the Democratic National Committee and Hillary Clinton's campaign -- has set a sizable portion of the public on edge. Almost six-in-ten US voters believe it's likely electronic voting machines could be hacked during the election, according to cybersecurity firm Carbon Black.
And recent research shows it's easier than some might think.
Last week, Symantec released the results of a simulated election it ran during the Black Hat conference in August using an electronic voting machine it bought at auction. The company found numerous vulnerabilities in the machine that left it open to manipulation.
Not every voting machine is easy to hack. And there's no evidence that a single corrupted machine -- or even multiple machines -- would have any measurable effect on election results.
But the prospect of manipulation alone is enough to threaten the integrity of the entire system in the event of a close contest.
"There is a real issue in play here," said Brian Varner, a security expert at Symantec. "The idea that every vote counts is at the heart of our democracy, so relying on outdated technology to count those votes can undermine confidence in the process that is central to our system of government."
American voters will cast their ballots on November 8 using one of nearly two dozen different models of electronic voting machines -- manufactured by 15 companies. They all fall into two general categories: Optical-Scan Paper Ballots and Direct Recording Electronic (DRE) Systems. In precincts using optical scan systems, voters mark their ballots in pencil and then feed them into a scanning device that records the data and stores it electronically, while the paper ballot falls into a secured box in the event officials have to manually recount the vote.
But security experts say that DRE machines, which allow voters to select their candidate using a push-button or touchscreen system with vote counts stored on a internal hard drive or removable storage, are easiest to exploit. Technology varies between models, but at least three widely used DRE systems are proven to be sitting ducks for anyone with basic hacking skills.
Symantec wouldn't say which model of the machine its researchers hacked at Black Hat as it was contracted by the maker to improve its security, but a photo on the security firm's website identified it as a version of the Premier AccuVote DRE touchscreen device, formerly made by Diebold.
Verified Voting, a nonprofit group dedicated to providing information on elections, said these AccuVote machines are configured for each election using a standard PCMCIA flash storage card inserted into a slot on the side of the machine, and they are activated before each vote by a handheld device the size of a credit card.
AccuVote DREs are used statewide in Alaska, Utah and Georgia, and in precincts in more than 15 other states.
Symantec found that one of the easiest ways to hack the machine was through the voter card, which is used multiple times throughout each election and repeatedly handed between poll workers and voters.
"Anyone who knows how to program a chip card and purchases a simple $15 Raspberry Pi-like device, could secretly reactivate their voter card while inside the privacy of a voting booth," said Varner.
Varner says he was able to reset the card to allow an individual to vote multiple times, and also managed to program the card itself to cast multiple votes.
"In both approaches, that attacker is stuffing the digital ballot box and casting doubt in the validity of the results from that polling station," he said. Symantec also warned that a lack of encryption on the system's removable storage device "makes it easily exploitable, requiring only a simple device to reprogram the compact hard drive."
Another potential target of hackers is the Sequoia AVC Advantage, used across the state of Louisiana, four precincts in Virginia, two counties in Pennsylvania, and in the majority of counties in New Jersey.
In testimony in September before a House subcommittee, one expert in voting machine technology said he could hack the Sequoia AVC Advantage in seven minutes -- using just a screwdriver and simple piece of malware he created.
Security
Andrew W. Appel, who teaches computer science at Princeton University, said the most dangerous insecurities in DRE voting machines -- the Advantage, in particular -- allows an attacker to install a fraudulent vote-counting program to control the computer in the voting machine.
"The software I built wasn't rocket science -- any competent computer programmer could write the same code. Once it's installed, it could steal elections for years to come," said Appel.
It isn't the first time issues with DRE machines have been flagged. In 2005, the Congressional Research Service warned that while DRE machines "simplify recounts and reduce chances for error in them," problems with the machines themselves, such as tampering, would "probably not be discovered through a recount."
Appel called on Congress to outlaw DRE machines immediately after the November election.
To ensure integrity, most DRE voting systems now produce an individual paper record of each vote -- known as a voter-verified paper audit trail -- which prints a paper ballot reflecting the voter's choice on the computer so it can be examined for accuracy. The paper drops into a ballot box in case of a recount.
Verified Voting said eight out of ten of Americans will cast their ballot this year on an electronic voting machine that produces some form of hard copy record of their vote. That leaves more than a dozen states using DRE machines this year without this paper audit technology. In five states, not a single voting machine will produce a paper audit trail.
The election of 2016 will already go down as one of the most contentious and fraught political contests in modern history. And polls suggest several key battleground states are in play.
If the election is close -- and Trump convinces enough of his supporters that the game is rigged -- thanks to outdated and vulnerable election technology, it may well be impossible to prove him wrong.
Read more:
- In battleground Pennsylvania, claims of a "rigged" election may be impossible to disprove
- US officially accuses Russia of political cyber attacks
- Trump Organization is using horribly insecure email servers
- A pro-Hillary Clinton PAC leaked hundreds of donors' data
- FBI detects breaches in US state voting systems
- ZDNet Australia: E-voting is still the wrong answer to the wrong question