Courtesy of CBS News:
Hackers from around the world had the rare opportunity to crack election-style voting machines this weekend in Las Vegas — and they didn’t disappoint.
After nearly an hour and a half, Carsten Schürmann, an associate professor with IT-University of Copenhagen, successfully cracked into a voting machine at Las Vegas’ Defcon convention on Friday night, CNET reports.
Schürmann penetrated Advanced Voting Solutions’ 2000 WinVote machine through its Wi-Fi system. Using a Windows XP exploit from 2003, he was able to remotely access the machine, CNET reports.
The convention purchased more than 30 voting machines for the event, although, organizers didn’t specify how many models those units represented.
“The exposure of those devices to the people who do bug bounties or actually look at these kind of devices has been fairly limited,” Brian Knopf, director of security researcher for Neustar, told CNET. “And so Defcon is a great opportunity for those of us who hack hardware and firmware to look to these kind of devices and really answer that question, ‘Are they hackable?'”
Synack, a San Francisco security platform, discovered serious flaws with the WinVote machine months ahead of this weekend’s convention. The team simply plugged in a mouse and keyboard and bypassed the voting software by clicking “control-alt-delete.”
“It’s really just a matter of plugging your USB drive in for five seconds and the thing’s completely compromised at that point,” Synack co-founder Jay Kaplan told CNET. “To the point where you can get remote access. It’s very simple.”
The Synack team also cracked the machine from a mobile application by installing a remote desktop program to it. In one case study, Synack found a Virginia poll worker hacked the machine to play Minesweeper.
We can literally never have confidence in our election system until we go back to paper ballots and hand counts.
It may take longer to determine the winners, but at least we will know they are the actual winners.