Security vendor demonstrates hack of US e-voting machine

Other election security experts suggest the hack is nothing new

A hacker armed with a US$25 PCMCIA card can, within a few minutes, change the vote totals on an aging electronic voting machine that is now in limited use in 13 U.S. states, a cybersecurity vendor has demonstrated.

The hack by security vendor Cylance, which released a video of it Friday, caught the attention of noted National Security Agency leaker Edward Snowden, but other critics of e-voting security dismissed the vulnerability as nothing new.

The Cylance hack demonstrated a theoretical vulnerability described in research going back a decade, the company noted.

The hack is "not surprising," Pamela Smith, president of elections security advocacy group Verified Voting, said by email. "The timing of the release is a little odd."

Hackers, with U.S. intelligence agencies pointing to the Russian government, have been attempting to raise doubts about the validity of this week's U.S. election through the publication of Democratic Party emails and documents. At the same time, Republican presidential candidate Donald Trump has been warning supporters, with no concrete proof, that the election may be "rigged" against him.

The Cylance demonstration was "not new and badly timed," said Joe Kiniry, a security researcher and CEO at Free and Fair, an election technology developer. "This kind of attack has been demonstrated on almost all of the widely deployed machines used today."

Cylance defended the video, saying it is a timely reminder of the security problems with e-voting machines. The company's research on the machine "came to fruition" recently, and Cylance also wanted to remind poll workers that they need to be vigilant during Tuesday's election, said Ryan Smith, the company's vice president of research.

Releasing the video just before the U.S. election strikes at the issue while people are paying attention, he added. The vulnerabilities in e-voting machines have been discussed for years, "and we still haven't done anything about it," he said.

Dominion Voting Systems, the vendor of the voting machine, did not immediately respond to a request for comments on the Cylance hack.

The Sequoia AVC Edge Mk1 e-voting machine targeted by Cylance is used by some voting precincts in potential presidential swing states Florida, Arizona, Pennsylvania, Colorado, Nevada, and Wisconsin. The machine is used statewide in Nevada and used widely in Wisconsin, but both states have post-election audit procedures in place, Pamela Smith said.

In other states, including Florida and Colorado, the machines are used only in a handful of locations for voters with special accessibility requirements. Pennslyvania uses the machine in just one county, she said.

In the Cylance hack, a PCMCIA card, programmed with the hacker's desired vote totals, can be inserted into a slot on the Sequoia AVC machine. The hacker can then change the vote totals, and even the candidates' names, Cylance demonstrated.

Some states have tamper seals on e-voting machines in an effort to discourage on-site hacking, but poll workers may not realize the potential problems if the seal is broken, Ryan Smith said. Cylance's video is intended to show them, he said.

Still, the potential uses of the Cylance hack are limited, said Douglas Jones, a computer science professor at the University of Iowa. The major concern during this election has been hacking from Russians or other overseas hackers, and the Cylance hack depends on physical access to each machine, he noted.

The Cylance hack would be "devastating if the adversary we were concerned about was a local political machine intent on controlling, perhaps, a county," Jones said by email.

Even such a local hack might require a conspiracy involving several people, with the possibility of someone leaking the plans, he added.

"There may be such corrupt political machines, and we ought to phase out these voting machines to prevent their abuse, but it's not the big news story of this election," Jones said. "This hack is irrelevant to concerns about Vladimir Putin trying to control the presidential election."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?