Voting machines that could be used by up to a quarter of the US electorate on Election Day next year can be hacked, says a group of computer science and security experts at the Vulnerability Assessment Team at Argonne National Laboratory in Illinois. In fact, they’re not only saying it. They’ve done it.
A Salon report says that the hack can be performed “with just $10.50 in parts and an 8th grade science education.” Even more alarming, it’s believed that the hack, which could alter voting results, can be carried out without any trace of tampering having occurred.
The leader of the assessment team, Roger Johnston, said they believed such attacks were possible on a number of e-voting machines.
The hack was performed by the team on a Diebold voting machine, though two years ago the same group also managed a similar hack on a Sequoia e-voting machine.
The hack is performed by inserting a cheap electronic device into the e-voting machine. The device allows the machine to be controlled via a remote control unit at a distance of up to half a mile. The device could be put inside machines while they’re in storage prior to an election.
When the voter makes their selection and presses the Vote Now button, the person with the remote control can intercept and change the vote.
A member of the assessment team, John Warner, explained how carrying out the hack costs next to nothing. “The cost of the attack…..was $10.50 in retail quantities. If you want to use the RF [radio frequency] remote control to stop and start the attacks, that’s another $15. So the total cost would be $26.”
Despite the concerns raised by the team, touch-screen Direct Recording Electronic (DRE) machines, or something similar, are scheduled to be used on Election Day in the US next year .
Sean Flaherty, a policy analyst for VerifiedVoting.org, a nonpartisan e-voting watchdog group, said that nearly all voters in states such as Georgia, Maryland, Utah and Nevada, as well as the majority of voters in New Jersey, Pennsylvania, Indiana and Texas, will vote using DREs on November 6, 2012. Voters in cities such as Houston, Atlanta, Chicago and Pittsburgh will also use them.
Johnston, the leader of the assessment team, told Salon: “The machines themselves need to be designed better, with the idea that people may be trying to get into them. If you’re just thinking about the fact that someone can try to get in, you can design the seals better, for example.”
He added: “This is a national security issue. It should really be handled by the Department of Homeland Security.”