How I Hacked An Electronic Voting Machine
The Vulnerability Assessment Team at Argonne National Laboratory looks at a wide variety of security devices-- locks, seals, tags, access control, biometrics, cargo security, nuclear safeguards--to try to find vulnerabilities and locate potential fixes. Unfortunately, there's not much funding available in this country to study election security. So we did this as a Saturday afternoon type of project.

The device we implanted in the touchscreen machine was essentially $10 retail. If you wanted a deluxe version where you can control it remotely from a half a mile away, it'd cost $26 retail. It's not big bucks. RadioShack would have this stuff. I've been to high school science fairs where the kids had more sophisticated microprocessor projects than the ones needed to rig these machines.

Because there's no funding for this type of security-testing, we relied on people who buy used machines on eBay [in this case the touchscreen Diebold Accuvote TS Electronic Voting Machine and the push-button Sequoia AVC Advantage Voting Machine]. Both of the machines were a little out-of-date, and we didn't have user manuals and circuit diagrams. But we figured things out, in the case of the push-button machine, in under two hours. Within 2 hours we had a viable attack. The other machine took a little longer because we didn't fully understand how touchscreen displays worked. So we had learning time there. But that was just a couple days. It's like a magic trick. You've got to practice a lot. If we practiced a lot, or even better, if we got someone really good with his hands who practiced a lot for two weeks, we're looking at 15 seconds to 60 seconds go execute these attacks.

I want to move it to the point where grandma can't hack elections. We're really not there.The attacks require physical access. This is easy for insiders, who program the machines for an election or install them. And we would argue it's typically not that hard for outsiders. A lot of voting machines are sitting around in the church basement, the elementary school gymnasium or hallway, unattended for a week or two before the election. Usually they have really cheap cabinet locks anyone can pick; sometimes they don't even have locks on them. No one signs for the machines when they show up. No one's responsible for watching them. Seals on them aren't much different from the anti-tamper packaging found on food and over-the-counter pharmaceuticals. Think about tampering with a food or drug product: You think that's challenging? It's really not. And a lot of our election judges are little old ladies who are retired, and God bless them, they're what makes the elections work, but they're not necessarily a fabulous workforce for detecting subtle security attacks.
Posted by: Voldemort Grereth1352 2012-11-23