Hackers Crack Voting Machines Within Minutes At DEF CON In VegasHuffington Post
July 30, 2017
We already knew US voting systems had security flaws ― the federal government put that nail in the coffin when it repeatedly confirmed that Russian hackers breached systems in at least 21 states during the election last year. Link
But on Friday, hackers stateside showed us just how easily some of the electronic voting machines can be cracked.
Those who attended DEF CON, a 25-year-old hacking convention held in Las Vegas, were given physical and remote access to voting machines procured from eBay and government auctions.
Within about 90 minutes, they'd exploited weak and outdated security measures to gain full access, The Register first reported. Some physically broke down the machines to reveal their vulnerabilities, while others gained remote access or showed that external ports found on some could be used to upload malicious software.
"Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we've uncovered even more about exactly how," Jake Braun, who reportedly came up with the idea for the challenge, told The Register.
"The scary thing is we also know that our foreign adversaries ― including Russia, North Korea, Iran ― possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security."
Some of the machines were reportedly outdated and not used in today's elections, and attendees said that their various intrusions would have been detected and logged by officials.
But detection is a far cry from interception.
In June, a U.S. Department of Homeland Security official again confirmed that Russian hackers were not only "attempting" to gain access to voting systems, they succeeded in at least 21 states and stole undisclosed information. The FBI detected the tampering last year ― though no evidence of changing vote numbers has been found ― but the Obama administration delayed reporting the breaches until Oct. 7, according to the Los Angeles Times.
The "security" of these WINvote machines is so bad. Running WinXP, autorun enabled and hard-coded WEP wifi password. pic.twitter.com/AlOiAPcRra— Victor Gevers (@0xDUDE) July 28, 2017