14 DAY TRIAL // A recent experiment has proven that electronic voting machines can be easily tampered with physically, in order to gain total control of the balloting process. The alarming thing is that in just a couple of minutes, using $10(€7) worth of electronic components, the machine can be overtaken by the attacker.
The Vulnerability Assessment Team (VAT) at the U.S. Dept. of Energy's Argonne National Laboratory in Illinois played around with a Diebold Accuvote touch-screen machine. Roger Johnston and John Warner revealed in a video posted on The Hacker News that any type of voting device is susceptible to the type of man-in-the-middle attacks presented by them.
"This is a national security issue," VAT team leader Roger Johnston stated for THN. "It should really be handled by the Department of Homeland Security."
According to the researchers, the complexity of the process is really low, anyone with 8th grade electronics knowledge being able to do these things.
So what did they actually do?
They easily opened the touch-screen panel used for the balloting itself. Inside the console, they've installed a microprocessor soldered to a circuit board which also contained a wireless receiver. This was connected between the input device and the unit that processes the whole operation.
With a remote control that can be purchased for around $16(€10) they managed to basically take over the apparatus and control it to their own liking. They were able to remotely vote, replace a genuine vote with one of their own and even manipulate the printer to list anything they desired.
One of the disturbing things was that even though Johnston and Warner claimed that the parts could be reduced in size and the traces of the tampering could be wiped, this wasn't necessary as no one ever checks the interior of these devices.
These machines have been the subject of controversy in many occasions, this proof-of-concept attack showing once again that serious security measures have to be adopted in order to prevent fraud.