Every year, security researchers gather at Defcon’s Voting Village to probe voting machines and report on the longstanding, systematic security problems with them, in order to give secure voting advocates the ammunition they need to convince Congress and local officials to take action into improve America’s voting security.
Whether it’s showing that “secure” firmware can be dumped with a $15 electronic component or that voting systems can be hacked in minutes, the Voting Village researchers do yeoman duty, compiling comprehensive reports on the dismal state of America’s voting machines, nearly 20 years after Bush v Gore put the country on notice about the defective systems behind our elections.
This year’s report is the most alarming yet: it singles out the ES&S M650 tabulating machine, manufactured by Election Systems & Software of Omaha, Nebraska, which still has outstanding defects that were reported to the manufacturer a decade ago. The M650’s manifest unsuitability is so terrible that it would be funny if it wasn’t so serious: this is a machine that uses an operating system developed for the Blackberry phone (!) and then uses Zip cartridges (!!) to move data around.
The M650 is one of the most widespread pieces of equipment in American election systems, used to count in-person and absentee ballots by optically scanning ballot papers whose bubble-in forms have been filled in by voters. The system — connected to the internet by default — is used for county-wide tabulations in 23 states. As the report states: “Hacking just one of these machines could enable an attacker to flip the Electoral College and determine the outcome of a presidential election.”
The researchers identified defects in other systems, too: one could be compromised in two minutes, less time than it takes the average voter to cast a ballot on it. Another could be wirelessly hacked with a nearby mobile device and made to register an arbitrary number of votes. The report goes on to warn about attacks on voting machine supply chains, which could compromise whole batches of machines before they even reached the polling place.
As always, this year’s Voting Village report closes with a set of clear, sensible recommendations, focusing on legislative and regulatory action as well as technical advice for manufacturers and electoral officials making purchase decisions.
This summer, Senate Republicans killed bipartisan legislation to fund additional cybersecurity funding for American election systems.
The machine in question, the ES&S M650, is used for counting both regular and absentee ballots. The device from Election Systems & Software of Omaha, Nebraska, is essentially a networked high-speed scanner like those used for scanning standardized-test sheets, usually run on a network at the county clerk’s office. Based on the QNX 4.2 operating system—a real-time operating system developed and marketed by BlackBerry, currently up to version 7.0—the M650 uses Iomega Zip drives to move election data to and from a Windows-based management system. It also stores results on a 128-megabyte SanDisk Flash storage device directly mounted on the system board. The results of tabulation are output as printed reports on an attached pin-feed printer.The report authors—Matt Blaze of the University of Pennsylvania, Jake Braun of the University of Chicago, David Jefferson of the Verified Voting Foundation, Harri Hursti and Margaret MacAlpine of Nordic Innovation Labs, and DEF CON founder Jeff Moss—documented dozens of other severe vulnerabilities found in voting systems. They found that four major areas of “grave and undeniable” concern need to be addressed urgently. One of the most critical is the lack of any sort of supply-chain security for voting machines—there is no way to test the machines to see if they are trustworthy or if their components have been modified.
Defcon 26 Voting Village [Matt Blaze, Jake Braun, Harri Hursti, David Jefferson, Margaret MacAlpine and Jeff Moss]
Defcon Voting Village report: bug in one system could “flip Electoral College” [Sean Gallagher/Ars Technica]