The Vote is Very Hackable
Updated: Jun 7, 2020
From PC Magazine - August 2018
Original article link: https://www.pcmag.com/news/what-can-we-learn-from-a-terrible-voting-machine
This is another excellent article on Professor Carsten Schuermann's further research into the vulnerabilities of the WinVote machine, the link above goes to the original article.
It is worth remembering that, although the outcry about this machine's frank vulnerabilities caused it to be pulled from service, we need to remember a few vital facts. This machine was in service, and it was used to collect and tally votes for several years. Were any of those elections hacked? Who knows? Because no voting machines are available to the public for review after an actual election, there is no way to verify this. But this question is even more terrifying - how did such an insecure voting machine get approved for use in the first place? How does that approval of technology work, who signed off in these machines and the technology? Why isn't that information known to the public? Was the person or board responsible for such approval held accountable? Do we have a written report on how the technology was tested, what vulnerabilities were sought for, and how the approval process came to the conclusion to allow this machine to be certified for use?
We do not. That is terrifying - because if this process can happen behind closed doors (so to speak) - this process that underlies the very security of your vote and thus controls the power of your vote - well, then that process can be as secure or as insecure as the approval process permits.
Here we have absolute proof that that approval process is inadequate. In fact, I would say it is completely negligent. If your bank account was handled with this amount of security, you would not ever put your money in any bank. That is a clue that you should not trust this process with your vote either.
From the article: "When Associate Professor Carsten Schuermann hit the last key to trigger an attack on the WinVote voting machine onstage, nothing happened. This could be catastrophic for most presenters at the Black Hat conference. (But) what Schuermann did was demonstrate something far scarier: he showed how hard it was to tell if an attack had happened at all. "When you add technology to the voting process, you clearly increase its attack surface," said Schuermann. This creates one problem, where people could manage to hack it and potentially change votes, or snarl an election by taking machines offline."
The Worst Voting Machine Ever
The WinVote machine on stage was one of about 4,000 used in the state of Virginia between 2004 and 2014. The potential for tampering with these devices is clear. They run an embedded version of Windows XP.
"Unfortunately they did not install any security updates on this machine," said Schuermann. This means it is vulnerable to any attack created after 2003, a full year before the voting machine was deployed.
Up close with WinVote, allegedly the worst voting machine in the world. #BlackHat2018 pic.twitter.com/jRuBt5mieK — Bitter, Tired, and Sweaty (@wmaxeddy) August 9, 2018
There are other major vulnerabilities with the WinVote machine. For one thing, it has an always-on wireless component to make it easier to configure multiple devices at a polling place. There is a password to control its wireless function, and that password is "abcde." That's not, as Schuermann pointed out, a very good password."