After the debacle of the 2000 presidential election count, the US invested heavily in electronic voting systems – but not, it seems, the security to protect them.
This year at the DEF CON hacking conference in Las Vegas, 30 computer-powered ballot boxes used in American elections were set up in a simulated national White House race – and hackers got to work physically breaking the gear open to find out what was hidden inside.
In less than 90 minutes, the first cracks in the systems' defenses started appearing, revealing an embarrassing low level of security. Then one was hacked wirelessly.
Of course, it's the wireless hacks that are the most worrisome:
It's one thing to physically nobble a box in front of you, which isn't hard for election officials to spot and stop. It's another to do it over the air from a distance. Apparently, some of the boxes included poorly secured Wi-Fi connectivity. A WinVote system used in previous county elections was, it appears, hacked via Wi-Fi and the MS03-026 vulnerability in WinXP, allowing infosec academic Carsten Schurmann to access the machine from his laptop using RDP. Another system could be potentially cracked remotely via OpenSSL bug CVE-2011-4109, it is claimed.
Greetings from the Defcon voting village where it took 1:40 for Carsten Schurmann to get remote access to this WinVote machine. pic.twitter.com/1Xk3baWdxv— Robert McMillan (@bobmcmillan) July 28, 2017
OK, so not all these machines are in current use, but I'd like to point out that we've known about their vulnerability to hacking just about forever, and it doesn't look like anyone in the voting machine manufacturing business is too concerned. And I'm sure The Hairpiece isn't concerned -- at least until someone hacks in and flips his votes.
Final quote: In the words of former FBI Director James Comey, ‘They're coming after America. They will be back.’