Voting machine maker claims vote machine hack-fests a 'green light' for foreign hackers Voting machine maker ES&S says it did not cooperate with the Voting Village at hacking conference DEF CON because it worried the event posed a national security risk. This is according to a letter the biz sent to four US senators in response to inquiries about why the manufacturer was dismissive of the show's village and its …
"Voting machine vendor ES&S says it did not cooperate with the Voting Village hacking competition at DEF CON because it worried the event posed a national security risk."
Bollocks, more like it posed a risk to exposing how lousy ES&S's security really is! Do they build insecure IoT crap as well?
Exactly, everybody in the security industry or with any interest in IT security already knew that voting machines are one of the biggest security holes out there - probably only second to PLCs that have been put online with no thought to additional security (i.e. they were designed to be air-gapped, so no security was implemented, now they are online and the only security, the air gap, is gone).
already knew that voting machines are one of the biggest security holes
I didnt know that. I had assumed that , unlike iot producers , it might have at least crossed the minds of the voting machine makers that some security would be needed. I'm not saying theyre secure (what is) but surely they tried?
(despite the fact this idiot ceo refuses to show the results of their efforts)
In the past, they (various voting machine manufacturers) have tried several different tactics to stop the devices being tested at all.
For a start, part of the contract of sale prohibited the owner performing security tests or letting security tests be performed on the machines, they tried to restirc the resale of old machines, so they couldn't be bought by pen-testers and they tried using the DMCA to stop the machines being tested.
So, yes, they tried a lot of things in relation to security, but more in the direction of burying their heads in the sand and silencing anyone who could tell them they had loused it up.
"I'm not saying theyre secure (what is) but surely they tried?"
From the day that voting machines were put into use, it was readily apparent that they didn't even try. They put some effort into making them look secure, but little effort into making them actually secure. And, also from day 1, when people pointed out the numerous serious flaws in the machines, their response was not to fix the flaws, but to condemn those who were looking for, and found, them.
Just as they continue to do today.
clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop
Yup, that's the sound of the horse already out of the stable, no point finding out how to close and lock the stable door now
Please do not insult weasels, they like to feast on vermin like ES&S.
Seriously, anything that is linked to the web is vulnerable to attack and needs to be secured. Does not matter what it is, it will be attacked. Some will be harder to get at as they might not be directly accessible, that only makes them somewhat less vulnerable not invulnerable. Anything that is mission critical as a voting machine should be considered should be thoroughly tested by outside experts to find the failures. If they can find them then black-hats can find them also.
Electronic voting machines need to be insecure, so that the local precincts can have the correct winner.
That is the why of no paper trail, internet connectable, common admin passwords among machines, Some flavor of windows, propitiatory secret software and firmware and so on.
These people also make very secure ATM machines, so it is not like they don't know how to do voting machine security right.
Security by obsurity, surely. So they won't participate in these kinds of things, that's fine. Now for the disclaimer...if they really wanted to ensure security, they would maybe go open source? Or invite selected white hat hacker types to test either on-site or in very secure locations?
It's not a question of "they're happy to work with outside researchers" but are they actually doing it? This article on the heels of the previous one, smells like a fish that's been left in the sun for a week.
Going Open Source isn't necessarily going to bring any changes to the security of the product. Plus it is probably considered a "trade secret" and can't be open sourced.
On the other hand, for something as important as a voting machine, the purchasers should be ensuring that what they are buying has been thoroughly, independently tested, before handing over any money.
"Plus it is probably considered a "trade secret" and can't be open sourced."
That's another issue. Machines that are intended to tally votes should not be allowed to have any secret code at all. Ideally, it would be available to the public. But, if that's too much for their weak stomachs, then at least it should be available to security researchers.
Claiming "trade secret" should automatically mean "no sale".
"it does leave no doubt about your voting intentions"
There was a case in the UK where instead of an X in the box, the voter had written a bad word against four of the five candidates. While those four candidates sought to have the ballot paper declared excluded, the presiding officer had to agree that the voter had expressed a clear preference for one of the five.
Traditional "counting" methods include both completing ballots when the voter skipped an office or voted for fewer candidates than allowed and (probably much more often) invalidating voters' choices (by marking additional boxes or bubbles) when they made "mistakes."
It is convenient if everyone is forced to use the same marking instrument (pencils often are preferred because a voter can correct a misplaced mark rather than enduring the fairly significant hassle of having the election judges cancel and issue a replacement ballot. Use of a variant marker will insure, at most, the security of a single ballot; corrupt ballot counters will simply omit it from their correction activities.
@tom dial - Appropriate counting procedures make such malpractice impractical. My personal experience is with UK county council elections, where I acted as an observer. Each candidate could have observers at the count. Observers had to swear in front of a JP that they would not interfere beforehand. Ballot boxes were opened and ballots counted in view of the observers who could raise queries. Spoiled and questionable ballots were reviewed by the Returning Officer with the candidate's Agents. Ballot counters were mostly (all?) local government employees. Nothing is hidden.
It's all scalable - if you're a candidate with a chance of winning, you have enough supporters to act as observers; larger constituencies have larger pools of local government employees to act as ballot counters. A corrupt ballot counter is risking their permanent job, and has very little opportunity to act unobserved.
@Allan George Dyer: Appropriate counting procedures make this misbehavior more difficult, but not necessarily impractical. You describe theory and, as far as I know UK practice, quite accurately. I described reasonably well documented US historical practice, where manual counting, when used, customarily is done by teams of election judges representing at least two political parties. As in the UK, the procedure may be witnessed by independent (i. e., non-official) observers. Skewing the count requires no more than the practical skills of a magician, and has not always been free of corruption.
Voter marked paper ballots clearly are the most transparent and easily understood way to record votes. Vote counting, whether by humans or machines has vulnerabilities. They can be mitigated and rendered less probable, but probably cannot be eliminated entirely and may sometimes affect the outcome of close elections.
>manual counting, when used, customarily is done by teams of election judges representing at least two political parties. As in the UK, the procedure may be witnessed by independent (i. e., non-official) observers
That's not how it works in the UK. The counting is done by non-partisan officials. They are supervised by representatives of the parties.
No matter how good the counting methods are the big question is how do you get round the problem that is best expressed as:
'Grandma was a loyal Republican until the day she died. Ever since, she's voted Democrat'
No machine or counting system is going to counter that.
In Denmark (at least) where everybody is registered to a scary degree, that cannot happen. By law you have to register in the municipality where you have your residence, and the electoral roll is simply the subset of residents who are old enough to vote and have suitable nationality. Yes, prisoners can also vote.
The consequence is that when you status changes to "dead" you are token off the roll.
These are the upsides of the pervasive registers.
@ivan5 - That problem is with the voter rolls and their maintenance plus whatever id is required to prove your identity to vote. A different issue altogether than the security of the actual vote. If the actual vote totals can easily be manipulated without easy detection by the counters then all elections are in question as one does not know what the real votes were. Cleaning up voter rolls is important but not as critical as making sure the votes can not be changed without detection. The 2000 US fiasco in Florida was an example of having the actual ballots for a recount (Bush won them all). Even if there were issues about how to count some ballots ("hanging chads") one had the physical evidence to look at.
When J Clarkson and co ask the manufacturers to loan them their latest hatchbacks for a comparison test, they do it - because even if they dont win the comparison test , to refuse to enter shows they have no confidence in their product. .... and the testers would possibly get one elsewhere anyway.
And to show that lack of confidence when you make VOTING machines??
Don't some of the voting machine manufacturers also make ATM machines which are vulnerable to remote jackpotting and have one key fits all locks? I would not be surprised if they also manufacturer the computer systems in gas pumps. That is all one really needs to know to make an educated guess about security of voting machines.
The Register - Independent news and views for the tech community. Part of Situation Publishing
Join our daily or weekly newsletters, subscribe to a specific section or set News alerts
Subscribe
