Hacking conference reveals vulnerabilities in voting machines


In a competition held at the DEF CON Hacking Conference in Las Vegas, an 11-year-old boy managed to hack into a replica of Florida’s election results website in under 10 minutes.

One of the most recent additions to the hacker conference — the Voting Machine Hacking Village — demonstrates how the voting system in the United States can easily be exploited, which has prominently been brought to light during the height of the 2016 election. At the conference, more than 30 different types of voting machines are given to attendees, who are given free rein to try to hack the systems. All models hacked were machines that are currently used across the United States.

J. Alex Halderman, a professor of computer science and engineering at the University of Michigan, displayed a vulnerability of the voting system on the second day of the conference. After purchasing a Diebold AccuVote-TS voting machine on eBay, Haldmeran demonstrated how easily a hacker could introduce malware into the outdated systems in order to change the results.

It may have been easy to breach the systems because they’re running on software that Microsoft has not released a security update for in over 10 years. These same outdated systems and machines, Halderman demonstrated in his presentation, were used in over 18 states for the 2016 elections and may have been used in the 2018 midterm elections.

But what Halderman failed to demonstrate was how easily these votes could be altered without having to sneak malicious hardware into a system.

A simpler attack on the AccuVote-TS machine that Halderman infected with malware was also shown at the conference. Using nothing more than a Bic Cristal — an inexpensive, disposable ballpoint pen — to pop open one part of the computer and reinserting it and hitting “OK” or “cancel” on a couple of error codes gave the hacker administrator access, which could be used to alter votes. In this way, the machine was hacked in only two minutes.

The average voter takes about six minutes to cast their votes, so the simple, two-minute method demonstrates how easily and quickly someone could hack a voting machine within the time it takes to vote on Election Day.

Some voters are losing confidence in the system. Voters can no longer assume that by casting a ballot, their votes will be carried out with security. The solution seems bleak, as many of these machines are operating with systems that are well over 10 years old in many states.

An entire system overhaul might be needed, but this doesn’t appear likely. In August, both the House and the Senate voted against measures that would have appropriated $250 million for election security grants to states.

A solution that is somewhat implemented but not entirely efficient is a paper trail of votes. Without a paper trail of each vote, an auditor cannot check for discrepancies. But not every state has voting machines that provide a paper ballot, which contributes to the issue. Another issue is that states without paper trails rarely audit them, and paper trails are vulnerable to malware.

While paper ballots are meticulous, they seem to be the only viable, inexpensive and pragmatic solution to our faulty voting machines. Another idea that might be able to mitigate security issues is mobile voting: Our smartphones are much more secure than any voting machine in the United States and are now being implemented with the help of blockchain for servicemen abroad to place their votes.