Hackers at at a conference in Las Vegas were able to successfully breach the software of U.S. voting machines in just 90 minutes on Friday, illuminating glaring security deficiencies in America's election infrastructure.
Tech minds at the annual DEF CON in Las Vegas were given physical voting machines and remote access, with the instructions of gaining access to the software.
According to a Register report, within minutes, hackers exposed glaring physical and software vulnerabilities across multiple U.S. voting machine companies' products.
Some devices were found to have physical ports that could be used to attach devices containing malicious software. Others had insecure Wi-Fi connections, or were running outdated software with security vulnerabilities like Windows XP.
The Register reported that the challenge was designed by Jake Braun, the Chief Executive Officer of Cambridge Global Advisors and Managing Director of Cambridge Global Capital.
“Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we've uncovered even more about exactly how,” Braun said.
“The scary thing is we also know that our foreign adversaries — including Russia, North Korea, Iran — possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security.”
The machines were bought on Ebay and were manufactured by major U.S. voting machine companies such as Diebold Nixorf, Sequoia Voting Systems and Winvote.
In January, President Trump signed an executive order establishing a commission to investigate possible voter fraud in the 2016 election.
The commission, chaired by Vice President Mike Pence Mike (Michael) Richard PencePence: Administration policy is 'America first,' not 'America alone' Pence: ‘We believe China should do more’ on North Korea Waters: Pence is planning his inauguration MORE, is expected to “study the registration and voting processes used in Federal elections” as well as “fraudulent voter registrations and fraudulent voting," the order says. Trump himself has made baseless claims about millions of illegal voters during the 2016 election.
“You can never really find, you know, there are going to be — no matter what numbers we come up with there are going to be lots of people that did things that we're not going to find out about,” Trump said in January. "But we will find out because we need a better system where that can't happen.”
- This post was updated on July 30 at 12:39 p.m.
mdowney on July 30th, 2017 at 00:47 UTC »
Wait... Why are voting machines able to be bought on eBay? Doesn't that seem odd?
msiekkinen on July 30th, 2017 at 00:31 UTC »
Slot machines in vegas are better regulated, inspected, tested and secured.
steroid_pc_principal on July 29th, 2017 at 23:46 UTC »
The Register article was better IMO. From it:
That's just asking for trouble. I'm surprised the feds haven't stepped in and standardized our voting infrastructure. That's what the NSA was originally created for, securing our infrastructure from hacking.
It's a national security disaster waiting to happen and when it does heads will roll. Imagine a controversy that delayed the election results for a month, or even a week. It would not be pretty.
Edit since this is getting a lot of attention
This is an overview of Advanced Encryption Standard, formerly known as Rijndael. Something you should know about AES is that it is one of the most commonly used symmetric encryption algorithms in use today. Whenever you connect over HTTPS, or even withdraw money with an ATM, these systems are probably using AES. You'll notice that this paper lays out the technical details of the algorithm completely. Anyone in the world can access it, and understand it.
You'll also notice that the paper is hosted by NIST, a US government agency. This is because it was formalized by them after an open competition for what would become AES. Rijndael was the winner.
Anyone who could break AES, which at current key sizes is thought to be computationally impossible, would have more power than you can imagine. And yet no one does, and we don't worry that someone will tomorrow. I don't care if you put a $1 trillion reward on it.
There are a lot of differences between the idealized world of an encryption algorithm and the fuzzy realities of operational security when it comes to the integrity of an election. But we can still make it pretty damn hard. At least hard enough that it can't be broken in 30 minutes.