back to article Voting machine maker claims vote machine hack-fests a 'green light' for foreign hackers

Voting machine maker ES&S says it did not cooperate with the Voting Village at hacking conference DEF CON because it worried the event posed a national security risk. This is according to a letter the biz sent to four US senators in response to inquiries about why the manufacturer was dismissive of the show's village and its …

  1. DJV Silver badge

    Weasels!

    "Voting machine vendor ES&S says it did not cooperate with the Voting Village hacking competition at DEF CON because it worried the event posed a national security risk."

    Bollocks, more like it posed a risk to exposing how lousy ES&S's security really is! Do they build insecure IoT crap as well?

    1. Anonymous Coward
      Anonymous Coward

      Oldschool saying comes to mind

      Worried about 'National Security' or 'Natural-Insecurity'

    2. big_D Silver badge

      Re: Weasels!

      Exactly, everybody in the security industry or with any interest in IT security already knew that voting machines are one of the biggest security holes out there - probably only second to PLCs that have been put online with no thought to additional security (i.e. they were designed to be air-gapped, so no security was implemented, now they are online and the only security, the air gap, is gone).

      1. Prst. V.Jeltz Silver badge

        Re: Weasels!

        already knew that voting machines are one of the biggest security holes

        I didnt know that. I had assumed that , unlike iot producers , it might have at least crossed the minds of the voting machine makers that some security would be needed. I'm not saying theyre secure (what is) but surely they tried?

        (despite the fact this idiot ceo refuses to show the results of their efforts)

        1. big_D Silver badge

          Re: Weasels!

          In the past, they (various voting machine manufacturers) have tried several different tactics to stop the devices being tested at all.

          For a start, part of the contract of sale prohibited the owner performing security tests or letting security tests be performed on the machines, they tried to restirc the resale of old machines, so they couldn't be bought by pen-testers and they tried using the DMCA to stop the machines being tested.

          So, yes, they tried a lot of things in relation to security, but more in the direction of burying their heads in the sand and silencing anyone who could tell them they had loused it up.

        2. JohnFen Silver badge

          Re: Weasels!

          "I'm not saying theyre secure (what is) but surely they tried?"

          From the day that voting machines were put into use, it was readily apparent that they didn't even try. They put some effort into making them look secure, but little effort into making them actually secure. And, also from day 1, when people pointed out the numerous serious flaws in the machines, their response was not to fix the flaws, but to condemn those who were looking for, and found, them.

          Just as they continue to do today.

    3. Velv Silver badge
      Facepalm

      Re: Weasels!

      clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop clip clop

      Yup, that's the sound of the horse already out of the stable, no point finding out how to close and lock the stable door now

      1. Frumious Bandersnatch Silver badge

        Re: Weasels!

        clip clop clip clop ...

        Viz Top Tip:

        Bang two pistachio shells together to recreate the sound of a really small horse on the cheap.

    4. Pen-y-gors Silver badge

      Re: Weasels!

      It could only pose a 'threat to national security' if the voting machines are actually insecure. It's not as if the hackers are creating the security holes.

      So the threat is actually the manufacturer.

    5. Giovani Tapini

      Re: Weasels!

      Why would they fix the issues? The machines are clearly designed to let the Russians dictate the election results. It would not be wise to remove their ability to do so... (depending on who's story you believe)

    6. a_yank_lurker Silver badge

      Re: Weasels!

      Please do not insult weasels, they like to feast on vermin like ES&S.

      Seriously, anything that is linked to the web is vulnerable to attack and needs to be secured. Does not matter what it is, it will be attacked. Some will be harder to get at as they might not be directly accessible, that only makes them somewhat less vulnerable not invulnerable. Anything that is mission critical as a voting machine should be considered should be thoroughly tested by outside experts to find the failures. If they can find them then black-hats can find them also.

    7. Eddy Ito Silver badge

      Re: Weasels!

      Do they build insecure IoT crap as well?

      Are you giving odds? I'd be willing to put a tenner or two on their voting machines being insecure IoT crap for the right moneyline.

  2. ITS Retired

    Electronic voting machines need to be insecure, so that the local precincts can have the correct winner.

    That is the why of no paper trail, internet connectable, common admin passwords among machines, Some flavor of windows, propitiatory secret software and firmware and so on.

    These people also make very secure ATM machines, so it is not like they don't know how to do voting machine security right.

  3. Nick Kew Silver badge
  4. DryBones

    Er...

    Perhaps they should try being less rubbish instead. Did they ever think of that? Thought not.

    1. Mark 85 Silver badge

      Re: Er...

      Security by obsurity, surely. So they won't participate in these kinds of things, that's fine. Now for the disclaimer...if they really wanted to ensure security, they would maybe go open source? Or invite selected white hat hacker types to test either on-site or in very secure locations?

      It's not a question of "they're happy to work with outside researchers" but are they actually doing it? This article on the heels of the previous one, smells like a fish that's been left in the sun for a week.

      1. big_D Silver badge

        Re: Er...

        Going Open Source isn't necessarily going to bring any changes to the security of the product. Plus it is probably considered a "trade secret" and can't be open sourced.

        On the other hand, for something as important as a voting machine, the purchasers should be ensuring that what they are buying has been thoroughly, independently tested, before handing over any money.

        1. kain preacher Silver badge

          Re: Er...

          Open source is worthless if you don't let people see the code.

          1. kain preacher Silver badge

            Re: Er...

            To the person that down voted me, you think Open source is good if you can't see the source code that is being run. How do you know what back doors are in it ? Open or closed source makes no diff if people can not see what's running under the hood.

            1. JohnFen Silver badge

              Re: Er...

              I didn't down vote you, but I'll take a guess that the person who did was thinking something like "being open source means that people can look at the code". If you can't see the code, then it isn't open source.

            2. strum Silver badge

              Re: Er...

              >you think Open source is good if you can't see the source code that is being run

              You're being downvoted because you seem to be unaware that if the code can't be seen, it ain't open source.

        2. JohnFen Silver badge

          Re: Er...

          "Plus it is probably considered a "trade secret" and can't be open sourced."

          That's another issue. Machines that are intended to tally votes should not be allowed to have any secret code at all. Ideally, it would be available to the public. But, if that's too much for their weak stomachs, then at least it should be available to security researchers.

          Claiming "trade secret" should automatically mean "no sale".

          1. kain preacher Silver badge

            Re: Er...

            "Plus it is probably considered a "trade secret" and can't be open sourced."

            That's exactly what Diebold claimed and then promptly sued the state of New Jersey to stop them from looking.

  5. Allan George Dyer Silver badge

    Most Secure Voting Machine

    The pencil (with appropriate procedures)

    1. onefang Silver badge

      Re: Most Secure Voting Machine

      "The pencil (with appropriate procedures)"

      I still think the pen I bring with me is even more secure.

      1. hughca
        Coat

        Umm...

        "I still think the pen I bring with me is even more secure."

        Only if it's been rigorously pen-tested...

        ...sorry...

        1. Anonymous Coward
          Anonymous Coward

          Re: Umm...

          Well it is better than a sword.

          1. onefang Silver badge

            Re: Umm...

            Yeah, a sword is just a bit too unwieldy to use to make your mark on a ballot paper. Though it does leave no doubt about your voting intentions if you use it to make your mark on a politician. Which I think was one of the original design goals for swords.

            1. Velv Silver badge
              Happy

              Re: Umm...

              "it does leave no doubt about your voting intentions"

              There was a case in the UK where instead of an X in the box, the voter had written a bad word against four of the five candidates. While those four candidates sought to have the ballot paper declared excluded, the presiding officer had to agree that the voter had expressed a clear preference for one of the five.

          2. Giovani Tapini

            Re: Umm...

            Swords are large and can leave a mess. Why not just stick to hanging Chad instead

            1. onefang Silver badge

              Re: Umm...

              "Swords are large and can leave a mess. Why not just stick to hanging Chad instead"

              I don't think there are any politicians around here called Chad.

      2. tom dial Silver badge

        Re: Most Secure Voting Machine

        Traditional "counting" methods include both completing ballots when the voter skipped an office or voted for fewer candidates than allowed and (probably much more often) invalidating voters' choices (by marking additional boxes or bubbles) when they made "mistakes."

        It is convenient if everyone is forced to use the same marking instrument (pencils often are preferred because a voter can correct a misplaced mark rather than enduring the fairly significant hassle of having the election judges cancel and issue a replacement ballot. Use of a variant marker will insure, at most, the security of a single ballot; corrupt ballot counters will simply omit it from their correction activities.

        1. Allan George Dyer Silver badge

          Re: Most Secure Voting Machine

          @tom dial - Appropriate counting procedures make such malpractice impractical. My personal experience is with UK county council elections, where I acted as an observer. Each candidate could have observers at the count. Observers had to swear in front of a JP that they would not interfere beforehand. Ballot boxes were opened and ballots counted in view of the observers who could raise queries. Spoiled and questionable ballots were reviewed by the Returning Officer with the candidate's Agents. Ballot counters were mostly (all?) local government employees. Nothing is hidden.

          It's all scalable - if you're a candidate with a chance of winning, you have enough supporters to act as observers; larger constituencies have larger pools of local government employees to act as ballot counters. A corrupt ballot counter is risking their permanent job, and has very little opportunity to act unobserved.

          1. tom dial Silver badge

            Re: Most Secure Voting Machine

            @Allan George Dyer: Appropriate counting procedures make this misbehavior more difficult, but not necessarily impractical. You describe theory and, as far as I know UK practice, quite accurately. I described reasonably well documented US historical practice, where manual counting, when used, customarily is done by teams of election judges representing at least two political parties. As in the UK, the procedure may be witnessed by independent (i. e., non-official) observers. Skewing the count requires no more than the practical skills of a magician, and has not always been free of corruption.

            Voter marked paper ballots clearly are the most transparent and easily understood way to record votes. Vote counting, whether by humans or machines has vulnerabilities. They can be mitigated and rendered less probable, but probably cannot be eliminated entirely and may sometimes affect the outcome of close elections.

            1. strum Silver badge

              Re: Most Secure Voting Machine

              >manual counting, when used, customarily is done by teams of election judges representing at least two political parties. As in the UK, the procedure may be witnessed by independent (i. e., non-official) observers

              That's not how it works in the UK. The counting is done by non-partisan officials. They are supervised by representatives of the parties.

        2. ivan5

          Re: Most Secure Voting Machine

          No matter how good the counting methods are the big question is how do you get round the problem that is best expressed as:

          'Grandma was a loyal Republican until the day she died. Ever since, she's voted Democrat'

          No machine or counting system is going to counter that.

          1. Stork Bronze badge

            Re: Most Secure Voting Machine

            In Denmark (at least) where everybody is registered to a scary degree, that cannot happen. By law you have to register in the municipality where you have your residence, and the electoral roll is simply the subset of residents who are old enough to vote and have suitable nationality. Yes, prisoners can also vote.

            The consequence is that when you status changes to "dead" you are token off the roll.

            These are the upsides of the pervasive registers.

          2. a_yank_lurker Silver badge

            Re: Most Secure Voting Machine

            @ivan5 - That problem is with the voter rolls and their maintenance plus whatever id is required to prove your identity to vote. A different issue altogether than the security of the actual vote. If the actual vote totals can easily be manipulated without easy detection by the counters then all elections are in question as one does not know what the real votes were. Cleaning up voter rolls is important but not as critical as making sure the votes can not be changed without detection. The 2000 US fiasco in Florida was an example of having the actual ballots for a recount (Bush won them all). Even if there were issues about how to count some ballots ("hanging chads") one had the physical evidence to look at.

    2. Claptrap314 Bronze badge

      Re: Only Secure Voting Machine

      Fixed the title for you.

      I've worked about 30 elections, all in Texas.

  6. Anonymous Coward
    Anonymous Coward

    Security

    NO votes!

  7. John Smith 19 Gold badge
    Thumb Up

    "Ignorance of insecurity does not get you security. "

    The most succinct description of why security by obscurity (even with special "National Security" BS sauce) doesn't work.

    Yes I also wonder if they have a division of code monkeys who sling IoT s88t

  8. Potemkine! Silver badge

    Voting machines are nonsense

    Every sane democracy should get rid of it. All these companies should be out of business, they are a threat rather than a solution.

  9. Prst. V.Jeltz Silver badge

    "Why Electronic Voting is a BAD Idea"

    Y'all know Tom Scott, proffessional youtube geek?

    https://www.youtube.com/watch?v=w3_0x6oaDmI

  10. Anonymous Coward
    Anonymous Coward

    Crudbump has a great song about Christmas.

  11. Prst. V.Jeltz Silver badge

    When J Clarkson and co ask the manufacturers to loan them their latest hatchbacks for a comparison test, they do it - because even if they dont win the comparison test , to refuse to enter shows they have no confidence in their product. .... and the testers would possibly get one elsewhere anyway.

    And to show that lack of confidence when you make VOTING machines??

  12. qwertyuiop

    I can't remember where I read (or heard) this, but it seems entirely appropriate here: "Hackers don't break things, they just prove they were broken in the first place".

    1. Mongrel

      Hackers don't break things

      Not forgetting that these are the good guys, for some slightly fuzzy definitions of good, who are willing to show their work. We generally have no idea how far along the bad guys are in defeating the 'security' on these machines.

  13. This post has been deleted by its author

  14. elvisimprsntr

    Don't some of the voting machine manufacturers also make ATM machines which are vulnerable to remote jackpotting and have one key fits all locks? I would not be surprised if they also manufacturer the computer systems in gas pumps. That is all one really needs to know to make an educated guess about security of voting machines.

  15. DropBear Silver badge
    Trollface

    So, um... (you knew this was inevitable, didn't ya) ...voting based on blockchain, anyone?

    1. Mike Moyle Silver badge
      Trollface

      "So, um... (you knew this was inevitable, didn't ya) ...voting based on blockchain, anyone?"

      If the energy consumed in bitcoin mining is any indication, then voter apathy might be the only thing that would keep blockchain-based voting from bringing entire national power grids to their knees.

  16. Anonymous Coward
    Anonymous Coward

    Secure e voting will never happen in the south. They want to make voting difficult as possible. I moved from California to Alabama . In Alabama the news very rarely covers hat's on the ballot. If you go to the official web site for ballot measures then font is so small it could fit on a grain of rice and it's not more than 12 sentences.

    Here is another fun one. Here they choice to vote straight democrat or republican . Lets say you mark the box straight dem and then vote for an individual dem you ballot is in valid. Works the same way for voting straight repub.

    1. JohnFen Silver badge

      "Secure e voting will never happen in the south"

      It looks to me like secure e-voting will never happen in any state.

  17. MrReal

    Voter ID checks and paper ballots, I mean how difficult is it really?

    Too difficult for americans apparently - much like staying out of Syria etc, they just can't do it.

    1. Aladdin Sane Silver badge

      Re: Voter ID checks

      Are a bad idea

  18. JulieM Bronze badge

    Quelle Surprise

    Voting machines cannot work in practice. This is not a limitation of present-day technology that will be overcome by inventing the right thing; rather, it is a limitation of the universe. There is nothing that anyone could invent, nor any detail of implementation that could be mandated, that would make voting machines as secure or robust as pencil and paper and manual counting. The traditional method is also Universally Comprehensible. Which is vitally important because if you don't understand how the voting system works, how in the hell can you be sure it's fair?

    It's bad enough that anybody even tried. It's much worse that they consider democracy subordinate to their right to keep secrets (though hardly surprising that they were allowed to, given the corruption in the USA). Not that publishing the exploded views, wiring diagrams and software listings actually helps anyone, though; only a minority of the population can understand them, and in any case there is no way to be certain that the machines used in an election are exactly in accordance with the published specification.

    All research into electronic voting needs to be discontinued; and the use of manually-counted ballot papers -- and the reasons for doing so: universal comprehensibility and robustness against tampering -- needs to be mandated in nations' written constitutions alongside the voting system used.

  19. Sherrie Ludwig

    Shooting the messenger

    If some random person sees your garage door open, and calls you to tell you your garage door is open, you don't close it, then the subsequent thefts out of said garage are all the fault of the person who called you? Got it. Sheesh.

  20. martinusher Silver badge

    Which machines, where?

    The machines that I work with at our polling places are an optical card reader and a touch screen system. Most votes are recorded by the card reader. Its probably computerized, I'd guess there's a Z80 or similar in there somewhere, but as it lacks an external network connection its going to be difficult to hack. The results cartridge is a memory pack that's about the size of a pack of playing cards with what looks like a three row DB type connector on it.

    The touch screen unit obviously started off life as a PC. An early 1990s PC. It runs what looks suspiciously like vxWorks. It doesn't have a network connection. It also has a removable memory pack, a PCMCIA card which if I had a laptop from that era I could probably read.

    This kit is pretty old but the overall system is actually pretty bulletproof. Ultimately any interference with a vote tabulator will show up as a statistical blip which will attract the attention of the county voting staff who will then use the paper trail to figure out what happened. (The 'blip' is quite obvious -- I usually work a split precinct, one that deals with the 'L-Z' half of the voter rolls for this are. Our tabulated results match very closely those of the 'A-K' crew.)

    When you talk about hacking voting machines you really need to be a bit more specific. You also need to hack the entire system -- statistics being what it is any attempt to game the system (gerrymandering or voter suppression excepted) will show up like a beacon.

    1. JohnFen Silver badge

      Re: Which machines, where?

      "the overall system is actually pretty bulletproof."

      How do you know?

      1. Aladdin Sane Silver badge
        Trollface

        Re: the overall system is actually pretty bulletproof

        He shot it.

    2. Adam 1 Silver badge

      Re: Which machines, where?

      They may well have reasonable physical security, but that is only one threat model, but only the most ridiculously poorly thought out attacks would seriously adjust voter intention on a particular way. There are much more effective ways, including

      1. Suppressing small numbers of votes from polling booths that are known to lean to the unfavorable side and injecting votes in the booths which tend to vote toward the favourable side.

      2. Adjusting votes to lower preference (in preferential systems) which may be enough to push someone over the required quota.

      And you and I so far have only addressed the machine level attack vector. The data must be aggregated across thousands of polling booths. That means that these memory cartridges need to be transported. It also means some other opaque system then claims to read what is written to it. This is very hard to externally validate. Everything from the device driver through to the application code must be inspected. Then you have the build chain of those pieces of software. Can you prove that the code that you reviewed is the exact code that was compiled? This is hard enough without malicious actors trying to deliberately add some hole. Can you prove that the compiler itself doesn't inject malicious code even if you can inspect it? Can you prove that the version that you reviewed is the same as the version that was deployed during the actual count? Can you trust the output of the crypto libs in that machine to not lie about the hash of the deployed files?

      These are a bunch of really hard problems. It is completely inappropriate to permit a counting tool to be used where the vendor won't permit full inspection.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019