In response to growing fears that future U.S. elections could be altered by nation-state hackers, DEF CON 25 this year hosted its first-ever Voting Village, where attendees were invited to tinker with election technology and exploit their vulnerabilities.
Within mere hours of opening, members of the hacker community were apparently not only compromising machines with known bugs, but also finding previously undiscovered issues.
“Within the first hour and a half after we opened, people were starting to discover new things about these machines that experts like myself who’ve been looking at these things for 10 years haven’t previously discovered, said Matt Blaze, professor and director of the University of Pennsylvania’s Distributed Systems Lab, one of the Village organizers. “I think that goes to show how important it is to have a really broad range of people a broad community looking at this kind of technology if you have any hope of wanting to trust it to do something serious.”
Corroborating Blaze’s account, the “DEFCON Voting Village” twitter account posted this tweet: “90 min after doors open: Complete remote control on the operating system level of the Winvote voting terminal (including election data).”
Ben Dlin, an intern at Nordic Innovation Labs helping to run the Village, elaborated on this particular compromise, explaining that a hacker was able to access the machine wirelessly. “None of these machines are supposed to have wireless access,” said Dlin, noting that the researcher “had full access to the machine within I’d say almost a half-hour of him sitting down.”
In addition to the Winvote, the Voting Village also featured the Edge, ES7S iVotonic, Diebold TSX, and Diebold Expresspoll 4000 machines. Dlin said that as of approximately 1:30 PST, three-and-a-half hours after the Village had officially opened, “three or four” machines had already been compromised.
As Blaze spoke with Sc Media, one group of researches was looking at a Diebold touchscreen machine. “We set that up and next thing we knew, I turned my head and somebody is trying to take it apart and probing it in various ways. “They’re doing what we’ve been encouraging people to do, which is try to understand what the different interfaces, are reverse engineer as much as they can, and let us know what they find.”
Read the complete article at scmagazine.com
Bradley Barth is a Senior Reporter for SC Media.