Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews

NEWS CATEGORIES:



NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
Home > News > Security

September 28th, 2011, 08:03 GMT · By Eduard Kovacs

Electronic Voting Machines Highly Vulnerable to Man-in-the-Middle Remote Attacks

SHARE:

Adjust text size:


Diebold voting machine
Enlarge picture
A recent experiment has proven that electronic voting machines can be easily tampered with physically, in order to gain total control of the balloting process. The alarming thing is that in just a couple of minutes, using $10(€7) worth of electronic components, the machine can be overtaken by the attacker.

The Vulnerability Assessment Team (VAT) at the U.S. Dept. of Energy's Argonne National Laboratory in Illinois played around with a Diebold Accuvote touch-screen machine. Roger Johnston and John Warner revealed in a video posted on The Hacker News that any type of voting device is susceptible to the type of man-in-the-middle attacks presented by them.

"This is a national security issue," VAT team leader Roger Johnston stated for THN. "It should really be handled by the Department of Homeland Security."

According to the researchers, the complexity of the process is really low, anyone with 8th grade electronics knowledge being able to do these things.

So what did they actually do?

They easily opened the touch-screen panel used for the balloting itself. Inside the console, they've installed a microprocessor soldered to a circuit board which also contained a wireless receiver. This was connected between the input device and the unit that processes the whole operation.

With a remote control that can be purchased for around $16(€10) they managed to basically take over the apparatus and control it to their own liking. They were able to remotely vote, replace a genuine vote with one of their own and even manipulate the printer to list anything they desired.

One of the disturbing things was that even though Johnston and Warner claimed that the parts could be reduced in size and the traces of the tampering could be wiped, this wasn't necessary as no one ever checks the interior of these devices.

These machines have been the subject of controversy in many occasions, this proof-of-concept attack showing once again that serious security measures have to be adopted in order to prevent fraud.

TELL US WHAT YOU THINK:

1,503 hits · Link to this article · Print article · Send to friend · Subscribe to news

MUST-READ RELATED ARTICLES:


Doppelganger Domains Could Cost Companies Millions
McAfee Report: Vehicles Exposed Due to Lack of Security
Bluetooth Not as Safe as Everyone Thinks

READER COMMENTS:



No user comments yet.
Be the first to express your opinion!
Copyright © 2001-2012 Softpedia. Contact/Tip us at

WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
© 2001 - 2012 Softpedia. All rights reserved.
Softpedia® and the Softpedia® logo are
registered trademarks of SoftNews NET SRL.		 Copyright Information | Privacy Policy | Terms of Use