September 8, 2008
Last summer, I was a member of the UCSB Computer Security Group that tested the security of the Sequoia electronic voting system. Our work was part of the Top-To-Bottom Review of electronic voting machines in California, ordered by Secretary of State D. Bowen.
Our task was to detect vulnerabilities in the Sequoia voting system and implement exploits that would "cause incorrect recording, tabulation, tallying or reporting of votes" or that would "alter critical election data such as election definition or system audit data".
We designed and implemented a number of these attacks. In particular, we proved that it is possible to combine several attacks to inject into the system virus-like malicious software that automatically spreads to as many voting machines as possible. We have (at last!) been able to release a video we prepared that shows what can be achieved by such a virus.
The video lasts about 16 minutes: it gives a nice overview of the voting system and shows the complete life-cycle of the virus. If you are in a hurry, I recommend starting around minute 12:26 to see that votes can be changed on a VVPAT-enabled DRE machine and that seals can be bypassed without being detected.
You can download the video from here. More information is available on the Computer Security Group's voting page.
Update: the group's site has been slashdotted... The video can be found on YouTube (part I, part II).
Thanks for the report. I referenced it (and the YouTube videos) in this blog post:
http://www.bohseye.com/index.cfm/2008/10/15/Hack-the-Vote-Electronic-Voting-Systems-and-Democracy-in-the-21st-Century
Hopefully _somebody_ will get around to fixing these systems... Maybe that's wishful thinking, though.