- DEFCON Convention: Voting Machine Hacks
(Business Insider) According to an article by Sonam Sheth hackers at DEFCON were able to breach multiple voting machines within only minutes. Sheth’s article states that hackers were able to infiltrate every single one of the thirty voting machines within just moments of having physical access and that even rudimentary access measures had not been safeguarded against (such as adding a physical keyboard and pressing ctrl-alt-del).
Opinion:
Sheth is quick to point out the importance of these vulnerabilities while at the same time downplaying the fact that physical access was required for almost every single hack with nearly all the machines being air-gapped and lacking wi-fi capabilities. While it is true that these vulnerabilities seem to ignore basic cybersecurity measures, one must also remain cognizant of the fact that these are not the latest and greatest machines, these were purchased in the secondary market and many of these are no longer in use throughout the US. Furthermore, in nearly every single instance physical access was a critical element of the hack and voting machines and polling locations are generally fully staffed locations and the voting machines are kept in plain-view and have key-tags to prevent physical access. Additionally, while hacking was possible on many of these machines, changing the vote totals would result in mismatches between ballots and the voting machine — such discrepancies would require operator intervention and verification. I certainly agree that our electronic voting machines should require basic cybersecurity hygiene, however, I am reticent to stipulate that merely because physical access to (mostly) outdated machines demonstrates the ability to access and control these machines that somehow our election process is suspect. That seems an unfair and unfounded characterization and is not at all what was borne out of the DEFCON hacking attempts. However, we should be cognizant of the issues facing electronic voting machines and there should be minimum cybersecurity measures implemented for electronic voting — we just shouldn’t delve into panic mode (at least not yet).
Leave a Reply