Yikes! Expert Shows Security Vulnerabilities of Electronic Voting Machines

A man casts his ballot using an electronic voting machine November 6. (Photo: J.D. Pooley/Getty Images)

TheBlaze has recently written about the claims some have made about voter fraud, but hacking of electronic voting machines is also an almost annual election story. In fact, the Vulnerability Assessment Team (VAT) at Argonne National Laboratory (ANL) is called upon almost every election season to talk about how easy it is to take control of some of these voting machines.

Roger Johnston, the head of the VAT, told Popular Science recently that funding to study election security is hard to come by. For this reason, Johnston said he and his team conducted experiments to hack electronic voting machines as a "Saturday afternoon type of project." This is also why awareness of the situation is important to the team as well.

Physical hacks of voting machines have been found to be relatively simple. (Photo: Argonne National Laboratory)

On the Vulnerability Assessment Team's portion of ANL's website, they state:

We believe that too often election officials assume (incorrectly) that: the bad guys have to attack the computer/microprocessor or cyber parts of the machine--which requires real smart people; that “certification” of machines is some kind of silver bullet against vote tampering; that adhesive label seals are good at detecting tampering and that they will be blatantly ripped open by an attacker and that they require almost no training to use; that you should get your security advice from manufacturers of voting machines, locks, and seals; that piling on lots of security features leads to good security; that “security by obscurity” (keeping secrets) is how you get good security; that a chain of custody is a piece of paper on which people scribble their initials or signatures; that hundreds of voting machines have to be compromised for the bad guys to succeed; that vote tamperers are only interested in getting their candidate to win the election; and that physical and cyber security are easy.

What the team has demonstrated several times is that non-cyber attacks are possible and relatively simple to conduct on voting machines. Johnston described one  -- a man-in-the-middle attack -- to Popular Science. He explained that it involves putting an electronic device into the voting machine, which lets the hacker control voting by tampering with the machine's electronic communications. Johnston said "we can do this because most voting machines, as far as I can tell, are not encrypted."

The hack -- which costs between $10 to $26 for the parts and uses a Phillips screwdriver and an Allen wrench -- is demonstrated below:

Johnston said the microprocessor that would be inserted to hack the machine can be found at stores like Radio Shack.

"I’ve been to high school science fairs where the kids had more sophisticated microprocessor projects than the ones needed to rig these machines," he said.

Johnston acknowledges that a non-cyber attack like this would require physical tampering of the machine, but he said that access shouldn't be too difficult to obtain.

"A lot of voting machines are sitting around in the church basement, the elementary school gymnasium or hallway, unattended for a week or two before the election," he said.

"And a lot of our election judges are little old ladies who are retired, and God bless them, they’re what makes the elections work, but they’re not necessarily a fabulous workforce for detecting subtle security attacks."

Overall, Johnston said that stopping sophisticated hacks, even if the machines were more tech savvy, would be difficult. But he said that creating a culture where polling security was good, even if the machines themselves were lacking, would lead to better elections.

"...  I want to move it to the point where grandma can’t hack elections, and we’re really not there," he told Popular Science.

Johnston was recently featured on CNN showing off the hacks as well. Watch the clip:

ANL suggests some of the following measures that should be taken better election security:

• Randomly select and test polling equipment's hardware, software and firmware for tampering and/or malware prior to the election. Even the random decision of which equipment to test should be done by in a random method, like pulling numbers of a hat, not chosen by an individual.
• Thorough background checks should have been conducted on poll workers, technicians and volunteers. ANL even suggests trying to bribe some of these people as a test, seeing if access to voting equipment could be obtained.
• The same key should be able to open all voting machines.
• Train staff in subtle evidence of seal spoofing or tampering.
• Voting machines should be escorted during transport.

Read more details about the hack Johnston described to Popular Science here.

Related:

• More Electronic Voting Machines Changing Romney Votes to Obama: We Looked Into It and Here’s What a Vendor Told Us
• Houston Poll Watcher Says NAACP ‘Ringleader’ Was Accused of Touching Voting Machine
• Have You Heard About ‘Spigot Cities’ That May Pump Votes to Obama?
• Why Are Some States Dumping Their Electronic Voting Machines and Going Back to Paper?