Posted on July 31, 2017 at 1:23 PM
This year, people who attended the annual DEF CON cybersecurity conference had a unique opportunity to try and hack into their first voting machine, which proved to be easier than expected.
Security consultant Thomas Richards told us that he managed to hack into a Premier Election Solutions machine, which is currently in use in Georgia, within minutes.
Voting Machine Village, as the event has been named, was a part of the DEF CON conference and included machines with various voting systems that the attendees would try and hack into in order to help catch vulnerabilities.
The conference acquired 30 machines for this event, and not a single machine was left unhacked.
Despite their simplicity, voting machines are difficult to obtain for researchers in order to do independent research on them. The machine in question that Richards managed to hack into has a beneath-the-surface software, also known as firmware, which was designed in 2007. Over the ten years that passed, many vulnerabilities have been developed.
Richards spoke about being surprised with what he found in the machine itself and continued with suggestions on what the country should do in order to secure machines. He believes that increasing testing opportunities for the outside hackers and transparency in voting machine design could help immensely in the future.
The entire village was made in the hopes of raising awareness about the security issues that election machines have. Organizers also hoped that the election experts that were attending would put pressure on the states to do more to protect the systems.
Harri Hursti, cofounder of Nordic Innovation Labs and the event’s organization helper said that there is a lot of misinformation about the machines on the internet. Despite the event being announced last minute, many people were active and tried to understand the problem, and this is where Hursti hopes the changes will start.
There has been a debate on just how big of a threat comes from voting machines that aren’t secured.
Eric Hodge, director of consulting at CyberScout and a consultant for Kentucky’s Board of Elections believes that with proper security processes going on, the threat is minimal. Hodge believes that with proper care for the machines and having someone keep an eye on them always can eliminate a large number of possible threats.
This mainly comes from the voting machines being disconnected from the Internet which means that the systems in the machines shouldn’t invite hackers in.
There is also the fact that the voting machines are bought and used county to county across the states, which makes it harder to mess with a national election result.
But Hursti is still concerned with states not really following best practices. He spoke of his worry that, if the result of the elections could be close, hackers could target a machine or two and turn the result around.
Voting Machine Village that DEF CON organized was the first event that allowed that many researchers have access to voting machines. The organizers are hoping this could result in more people in charge being aware of the problems and doing something to change things.