August 5, 2017

Voting Machines

God help me if any of these have a serialport.

Update: They do have serialports!

I noticed this document about the "findings from the Defcon 25 Voting Machine Hacking Village". It's epic.

⚡This is a fantastic read about hacking a collection of voter machines. I've had hobby projects more secure.

— Francis Gulotta (@reconbot) August 4, 2017

Almost all of the machines lacked any encryption. Some of them had laughable "encryption" the kind of stuff you do play with in grade school. What the hell is 8 bit encryption? Sounds like a caesar cipher. In some cases you can accidentally break the machine by typing too fast.

Some of the "newer" ones used an sqlite database. Which is the database that powers every database that's not on a server. It's super well understood and easy to replicate. This in itself isn't a problem but with the lack of encryption or verification it makes life super easy when trying to mess with the machine.

One team could cause all votes cast to be saved in such a way that they'd be verifiable but abut ignored during tallies. All it took was replacing a cf card held down by a screw. Never mind you could just take the card and the machine would be "broken".

Another machine ran pSOS a realtime operating system from 1989!

Half of them were destroyed by a Bash Bunny which basically types "A" really fast.

Anyway the event proves two things in my mind;

  1. We need paper voting.
  2. Governments suck at making reasonable purchases when it comes to technology

Someone in SF is trying to do better. © 2024
Powered by ⚡️ and 🤖.