Hackers 5, voting machines 0. It took less than a day for attendees at the DefCon hacking conference to find and exploit vulnerabilities in five different voting machine types.
“The first ones were discovered within an hour and 30 minutes. And none of these vulnerabilities has ever been found before, they’ll all new,” said Harri Hursti, co- coordinator of the event.
One group even managed to rick-roll a touch screen voting machine, getting it to run Rick Astley’s song “Never Gonna Give You Up,” from 1987.
The Voting Machine Hacking Village event at the 25th annual DefCon computer security conference ran from Friday to Sunday. Its goal was to educate the computer security community about potential weaknesses of the voting systems used in U.S. elections and get them involved in fixing them.
By all accounts it worked.
“This software just isn’t up to modern standards. It’s not even as strongly protected as a PC,” said Brandon Pfeifer, a security expert who works on embedded aviation systems in Kansas City. He came to the event because voting “has been such a hot topic after the presidential election,” he said.
Conference goers thronged to the room where more than 30 voting machines were laid out in various states of disassembly.
The machines themselves were mostly bought on eBay, said event co-coordinator Matt Blaze, a professor at the University of Pennsylvania and election security expert. Only one of the models has been decommissioned, the rest are still in use around the country, he said.
Ad hoc clusters of attendees hunched around each of them, murmuring quietly as they tested various inputs. Every once in a while, someone would call out for help or advice. “Anybody got a card scanner?” or “Did somebody have the manual for the Diebold?”
Read the complete article at USAtoday.com
Elizabeth Weise covers computer security, technology and Silicon Valley out of USA TODAY’s San Francisco bureau.