A summary of the “Voting Village” event posted last week said hackers at Defcon “compromised every single machine over the 2.5-day event, many of them with trivial attacks that require no sophistication or special knowledge on the part of the attacker.”
“In most cases, vulnerabilities could be exploited under election conditions surreptitiously…an attack that could compromise an entire jurisdiction could be injected in any of multiple places,” according to a full version of the report.
In many cases, physical ports were unprotected, passwords were either left unset or left in their default configuration, and security features went unused or, in some cases, were disabled, the report added.
Attendees were given access to over 100 machines at the event, including direct-recording electronic voting machines, electronic poll books, ballot marking devices, optical scanners and hybrid systems.
One machine, based on old PC hardware, had no BIOS password set. The BIOS (Basic Input/Output System) controls the basic functions of a PC.
“Consequently, participants were able to boot an arbitrary operating system off a live CD… Ultimately, the device was used as an entertainment device, amusing visitors with Nyan Cat,” the full version of the report said.
On another system, a keyboard and Ethernet connection could be plugged in by simply removing the top of the machine’s case. The casing is secured by only 3 screws and does not have any tamper-evident seals. “Immediate root access to the device was available simply by hitting the Windows key on the keyboard,” the report continued.
Another device, one that combines an optical paper ballot scanner and ballot marking device and allows for access by the blind and visually impaired, has a single locking mechanism for the entire ballot box. “If picked, ballots could easily be stolen using common items such as a standard trash picker,” the report stated.
Participants were able to access common computer ports on this machine, such as USB, RJ45, and CompactFlash slots, “without using destructive force…[and] boot settings also allow for the system to be booted from an external USB on startup.”
The report recommended the use of paper ballots, as well as rigorous post-election audits.