If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Popular Science)   Professional hacker breaks down the process of stealing votes from an electronic voting machine. It's so easy your grandmother could do it   (popsci.com) divider line 66
    More: Scary, voting machines, science fairs, Argonne National Laboratory, 20th state, user manual, access control, open standard, grandmother  
•       •       •

6407 clicks; posted to Geek » on 06 Nov 2012 at 11:57 AM (1 year ago)   |  Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



66 Comments   (+0 »)
   
View Voting Results: Smartest and Funniest

Archived thread

First | « | 1 | 2 | » | Last | Show all
 
2012-11-06 07:12:51 AM
You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off.

Stopped reading right there.
 
2012-11-06 07:32:43 AM
that's why she's on the death panel. so she does rig the voting machines.
 
2012-11-06 08:07:48 AM
Well, to be fair, my grandmother assembled aircraft gauges in World War II.
 
2012-11-06 08:30:46 AM
But what about cavemen?
 
2012-11-06 08:34:50 AM

Dinki: You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off.

Stopped reading right there.


Pretty much. This isn't a "voting machines are easily hackable" thing. This is a physical access issue. Keep shiat locked up properly and it's not a problem.
 
vpb [TotalFark]
2012-11-06 08:43:18 AM

serial_crusher: Dinki: You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off.

Stopped reading right there.

Pretty much. This isn't a "voting machines are easily hackable" thing. This is a physical access issue. Keep shiat locked up properly and it's not a problem.


Except that the people who do the locking are the ones that we worry about doing the tampering?
 
2012-11-06 08:55:43 AM

vpb: serial_crusher: Dinki: You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off.

Stopped reading right there.

Pretty much. This isn't a "voting machines are easily hackable" thing. This is a physical access issue. Keep shiat locked up properly and it's not a problem.

Except that the people who do the locking are the ones that we worry about doing the tampering?


Well, the guy from TFA's argument is that "it's typically not that hard for outsiders. A lot of voting machines are sitting around in the church basement, the elementary school gymnasium or hallway, unattended for a week or two before the election".

It's pretty much a no-brainer in security that you need to limit physical access to important stuff, and monitor the hell out of the people who need to have access to it.
 
2012-11-06 09:08:16 AM
Hack the subroutines!
 
2012-11-06 10:27:20 AM

serial_crusher: Dinki: You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off.

Stopped reading right there.

Pretty much. This isn't a "voting machines are easily hackable" thing. This is a physical access issue. Keep shiat locked up properly and it's not a problem.


Every computer in existence can be compromised if you have physical access to the guts. Security is irrelevant at that point. That's why many desktop cases have a padlock hole.
 
2012-11-06 12:06:28 PM

vpb: Except that the people who do the locking are the ones that we worry about doing the tampering?


They can find easier ways to mess with the election than going out of their way to learn how to program microprocessors, cut a few thousand of them, then spend weeks opening up every single machine and implanting them without anyone noticing. And hope they don't screw up the code. Or that anyone notices a couple of months later when the machines are opened for maintenance.

/yea ... really plausible ...
 
2012-11-06 12:11:37 PM

serial_crusher: Dinki: You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off.

Stopped reading right there.

Pretty much. This isn't a "voting machines are easily hackable" thing. This is a physical access issue. Keep shiat locked up properly and it's not a problem.


they also don't encrypt their communications over the wire. man in the middle city.
 
2012-11-06 12:12:12 PM

gingerjet: vpb: Except that the people who do the locking are the ones that we worry about doing the tampering?

They can find easier ways to mess with the election than going out of their way to learn how to program microprocessors, cut a few thousand of them, then spend weeks opening up every single machine and implanting them without anyone noticing. And hope they don't screw up the code. Or that anyone notices a couple of months later when the machines are opened for maintenance.

/yea ... really plausible ...


you only have to hit the big precincts.
 
2012-11-06 12:15:04 PM

serial_crusher: Pretty much. This isn't a "voting machines are easily hackable" thing. This is a physical access issue. Keep shiat locked up properly and it's not a problem.


...actually, it is a voting machines are easily hackable thing, in large part because the communication channels are entirely unencrypted, allowing for a simple MITM attack like this. Physical security is important, sure, but what are they going to do - weld the box shut? What's the chain of custody for the machine? This is exactly why concepts like "defense in depth" exist.
 
2012-11-06 12:15:23 PM
Why isn't this shiat secure yet? I mean we have ATM's and lottery machines that seem to be pretty damn secure.
 
2012-11-06 12:23:44 PM
Yeah, but to say this would happen would be a *conspiracy theory* and we know CONSPIRACIES DON'T HAPPEN.
 
2012-11-06 12:24:31 PM
Oh, and:

blackboxvoting.org
 
2012-11-06 12:25:24 PM
housegirlhaley.files.wordpress.com
 
2012-11-06 12:31:59 PM
Yes, indeed, if you do the electronic equivalent of setting your box of ballots down by a dude with a custom ballot-printing press, without bothering to lock it, then go get coffee and don't bother keeping a list of the number of people that voted or looking for suspicious patterns in the ballots, then it's possible that someone might mess with them.

Who farking knew.

//Most hypothetical situations where a vote could be compromised by someone with access could be compromised to an even greater degree, much less traceably, for paper ballots by someone with equivalent access. Good to see that everyone's booting up their "the other guy stole the election" excuses in advance this year, though.
 
2012-11-06 12:39:20 PM

PsyLord: Why isn't this shiat secure yet? I mean we have ATM's and lottery machines that seem to be pretty damn secure.


Then the political parties in power wouldn't be able to manipulate the elections. ATMs, lottery and slot machines all have owners with a financial stake in you NOT getting in there. Election machines have people in charge with a stake in being able to break them.

We already know that Congress and state legislatures exempt themselves from almost every rule they make. It's not too hard to believe they wouldn't compromise voting integrity to exempt themselves from having to have a fair election.
 
2012-11-06 12:48:02 PM
Stop it Grandma! This is wrong. Also, you're supposed to be dead.
 
2012-11-06 12:48:57 PM
It's supposed to be easy... Just not for the common man. That's the whole point of the device.
 
2012-11-06 12:49:08 PM
i1.kym-cdn.com
 
2012-11-06 12:52:00 PM
my grandmother is dead subby....thanks a lot!
 
2012-11-06 12:54:44 PM
As someone who had to deal with the ballot machine failing today, I'm getting a kick...

/ Not really....
 
2012-11-06 01:16:06 PM

Kazan: serial_crusher: Dinki: You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off.

Stopped reading right there.

Pretty much. This isn't a "voting machines are easily hackable" thing. This is a physical access issue. Keep shiat locked up properly and it's not a problem.

they also don't encrypt their communications over the wire. man in the middle city.


Yeah, they didn't encrypt their "communications" over the "wire" that goes between the keyboard and the CPU inside the machine. How dare they?
 
2012-11-06 01:18:56 PM
solution - one word...
receipt.

If we're technologically capable enough to have electronic voting machines...then we can give copies.
The damn auto-check out counters have it at stores everywhere.

Print a receipt for the voting authority.
Print a receipt for yourself.

This will be something to refer to in case of hack or glich...or any doubt or recount.
HEY! WHAT A CONCEPT!
 
2012-11-06 01:23:33 PM
The problem with tampering physical ballots is the pile of physical evidence you have to overcome: 1) the bucketloads of fake ballots you have to create, transport, hide, and swap in; and 2) the bucketloads of real ballots you have to remove and dispose of. This requires multiple individuals involved either knowingly or unknowingly, which creates HUGE problems if you want to do it successfully.

The great part about electronic voting tampering is that it removes these immense physical hurdles - which makes it more tempting and more practically possible. Also it allows one action to have a much larger impact and requires fewer people in the know. It is also easier to hide obvious patterns as it allows you to modify results in real time so as to get just enough in your favor instead of creating a clearly out-of-place result.

Know how I know that the "voter-ID" people are full of shiat? They're also in most cases the people who pushed the hardest for electronic voting. If they really cared about reducing REAL vote-fraud (manipulating the results, not having people vote multiple times) they'd have been fighting electronic voting tooth and nail.
 
2012-11-06 01:23:38 PM
Easier way to hack these machines: "Hey Mr. Software Developer, here's $50,000."
 
Xai
2012-11-06 01:31:13 PM
5 votes for President Romney
 
2012-11-06 01:35:23 PM

Dinki: You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off.

Stopped reading right there.


The point isn't that YOU could do this. The point is that THEY can do this.

And if there's any confusion about who "THEY" might be, use the search engine of your choice along with the terms "Ohio" "Voting Machine" "Republican" and "Secretary of State". They're using "experimental" software rather than a man-in-the-middle attack, but the idea and intent behind it is very likely to be the same.
 
2012-11-06 01:38:38 PM
I don't trust no got-dayum compooters to handle things as important as my vote.

No excuse me, while I go check my life savings in my online bank account and makes several thousands of dollars worth of stock buys.
 
2012-11-06 01:39:58 PM
What really burns my cookies over this is the fact that unbreakable, bombproof encryption* technology exists in commodity form in hardware and softwareand it is literally a design decision not to put it in these machines. That would end the entire MITM scenario is a fell swoop.

Likewise, fully transparent, accountable data transfer with errors rates in the low hundredths of a percent is a COMPLETELY STANDARD mode of operation around the world and that would end the question of ownership and deceitful practices by the operators.

but nooooooo lets put the vote counts in CSV files and walk around with them on USB sticks,Jesus farking christ on a cross


*for all practical intents, so STFU you crypto assholes, think u r so smrt S-M-R-T.
 
2012-11-06 01:53:08 PM

rogue49: solution - one word...
receipt.


I tend to agree, but a receipt would realistically only be useful if somebody called shenanigans and a manual recount happened (or maybe if there were random spot checks that happened to catch it). If the guy controls the keyboard and screen, he might as well control the printer, so (electronically) recording a different vote would still be feasible. But of course a manual count of the ballots would come up with a different number.

It's a good way to prove something happened after the fact, but not particularly effective at preventing it from happening. And to be fair, it would be just as easy to inspect the machines for "third party hardware" after the election as it would to manually count all those printed ballots.

/ I swear I remember (but can't find the link to) a story from years ago about a machine that did a whole paper printing thing, behind a tamper proof window to prevent ballot stuffing. Some guy did a proof of concept where he hacked the machine such that whenever somebody voted for canidate A, the machine would wait a few seconds and print two ballots for candidate B, hopefully fast enough that it would be done printing before the next guy in line came through.
 
2012-11-06 01:58:17 PM
1) The scantron voting machines that have been in use forever would have the same problem.
2) We know that this isn't a problem because I've been told over and over that if no one has been convicted of vote fraud that vote fraud doesn't exist and no one needs to worry about it.
 
2012-11-06 02:08:47 PM

willfullyobscure: What really burns my cookies over this is the fact that unbreakable, bombproof encryption* technology exists in commodity form in hardware and softwareand it is literally a design decision not to put it in these machines. That would end the entire MITM scenario is a fell swoop.


I'm admittedly not very knowledgeable about hardware encryption schemes, but that sounds unfeasible. The guy has full access to the entire machine, so what kind of encryption is going to help? Article is talking about doing two things:
1) Intercept a button press on a keyboard
2) display a fake UI on the screen, which is consistent with the buttons pressed.

When you have unfettered access to the actual electrical contacts from the buttons, sticking a man in the middle between those is dirt simple.
The monitor is a little bit harder, but all you'd need to do there is install a new monitor that talks to the man in the middle controller you've built, and worst case scenario, find a way to fit that fake monitor and the original one into the same space inside the box (presuming the software is doing some check that the original encrypted monitor is present and functioning).

What kind of encryption could you implement that isn't vulnerable to somebody who has access to the whole process?
 
2012-11-06 02:24:27 PM

serial_crusher: What kind of encryption could you implement that isn't vulnerable to somebody who has access to the whole process?


None. Zero. Zilch.

That's why IMO it's vital to move away from these electronic voting machines OR implement rigorous checks and balances. And, of course, why there never will be. I was so happy to see paper in the polling station this morning.
 
2012-11-06 02:32:35 PM
To totally remove voter fraud, they need all-physical voting. Just trace 4 or 5 giant circles somewhere in the midwest, each one assigned to a candidate, and whichever circle has the most people standing in it at 6pm CST on election day wins.

The losing circles immediately have a giant weight dropped onto them, so that whoever is elected can enjoy a glorious reign unopposed. Also trims down the population problem!
 
2012-11-06 02:32:54 PM

Mateorocks: [i1.kym-cdn.com image 263x192]


I bet that Grandma switched form AOL to one of those hacker ISPs.
 
2012-11-06 02:36:36 PM

serial_crusher: willfullyobscure: What really burns my cookies over this is the fact that unbreakable, bombproof encryption* technology exists in commodity form in hardware and softwareand it is literally a design decision not to put it in these machines. That would end the entire MITM scenario is a fell swoop.

I'm admittedly not very knowledgeable about hardware encryption schemes, but that sounds unfeasible. The guy has full access to the entire machine, so what kind of encryption is going to help? Article is talking about doing two things:
1) Intercept a button press on a keyboard
2) display a fake UI on the screen, which is consistent with the buttons pressed.

When you have unfettered access to the actual electrical contacts from the buttons, sticking a man in the middle between those is dirt simple.
The monitor is a little bit harder, but all you'd need to do there is install a new monitor that talks to the man in the middle controller you've built, and worst case scenario, find a way to fit that fake monitor and the original one into the same space inside the box (presuming the software is doing some check that the original encrypted monitor is present and functioning).

What kind of encryption could you implement that isn't vulnerable to somebody who has access to the whole process?




The kind where the keys to the encryption are automatically generated and authenticated by the machines doing the transfer, and a person never touches them- this can be implemented in hardware very easily, or the keys are somewhere else. Ideally, these machines should scramble the data that comes out and nothing should be able to unscramble them except for the vote tallying machine, and no person should be involved except to plug the thing in. Secured communications, also utterly trivial, software checks to disable the machine if its not in proper configuration, etc etc. There'd a be a easy to understand audit trail and a common body of practices to certify them. Of course its all theorectically flawed, but the point of security and encrpytion in general is not to make thing unfarkable, but to make them increasingly difficult to fark.


http://news.cnet.com/3-in-1-encryption-chip-ships/2100-1001_3-210353. h tml

that's from 1998.
ATMs do all this, and almost flawlessly, too.

Diebold makes some great ones.
 
2012-11-06 02:38:06 PM

unchellmatt: serial_crusher: What kind of encryption could you implement that isn't vulnerable to somebody who has access to the whole process?

None. Zero. Zilch.

That's why IMO it's vital to move away from these electronic voting machines OR implement rigorous checks and balances. And, of course, why there never will be. I was so happy to see paper in the polling station this morning.


This is incorrect. hardware encryption is not a new thing. it is an old thing. there are almost too many choices, and better ones every day.
 
2012-11-06 02:50:10 PM

willfullyobscure: This is incorrect. hardware encryption is not a new thing. it is an old thing. there are almost too many choices, and better ones every day.


Presumably, someone has to have the key to decrypt the data on the machines. IF someone had access to the machines, and the key, it wouldn't be exactly a difficult task. Currently machines aren't watched, at least not sufficiently. It's been documented, from lax checks and balances with regards to who can do what, to Diebold machines being laughably easy to crack, that just such things could take place.

I'm not saying they do, however if it's possible, it should be assumed that someone will, eventually.
 
2012-11-06 03:02:28 PM
Wait, if you can get physical access to a computer, you can put microprocessors in it to change the vote?

Good thing you couldn't mess with vote totals by getting access to paper ballot boxes!!

Seriously, this article is retarded. It is the equivalent of getting access to the paper ballot boxes and pumping it full of fake ballots.
 
2012-11-06 03:07:26 PM

willfullyobscure: http://news.cnet.com/3-in-1-encryption-chip-ships/2100-1001_3-210353. h tml


You're missing the point. This guy is intercepting signals between keyboard and CPU, not over some network or between multiple devices. It's all happening inside a closed ecosystem that he has full control over. That's not at all what the article you linked to, or anything in your post, is about.
The user's finger pressing the button is as unencrypted as you can get. Then the button press closes an electronic circuit that sends input into that encryption chip you've mentioned. If this guy is in the business of physically soldering wires into the existing circuits, his target is the unencrypted input into the chip that does the encryption.

Basically, guy in TFA is full of shiat but for some reason you're buying it.

willfullyobscure: ATMs do all this, and almost flawlessly, too.


No, I'm pretty sure if you leave an ATM full of cash in the church basement and give somebody unfettered access to it, they'll be able to get their hands on the cash inside, regardless of the amount of encryption involved in the process.
They'll have a hard time forging deposits into their account, if that's their aim, but that's because the process there requires communication to an external system, i.e. the bank.
The attack this guy's talking about is basically a step above this. His involves a fake UI as well, but that's easy enough to do.
 
2012-11-06 03:09:57 PM

Pardon Me Sultan: Dinki: You implant a microprocessor or some other electronic device into the voting machine, and that lets you control the voting and turn cheating on and off.

Stopped reading right there.

The point isn't that YOU could do this. The point is that THEY can do this.

And if there's any confusion about who "THEY" might be, use the search engine of your choice along with the terms "Ohio" "Voting Machine" "Republican" and "Secretary of State". They're using "experimental" software rather than a man-in-the-middle attack, but the idea and intent behind it is very likely to be the same.


who's THEY? And what the hell is an "aluminum falcon?"
 
2012-11-06 03:10:35 PM

machoprogrammer: Wait, if you can get physical access to a computer, you can put microprocessors in it to change the vote?

Good thing you couldn't mess with vote totals by getting access to paper ballot boxes!!

Seriously, this article is retarded. It is the equivalent of getting access to the paper ballot boxes and pumping it full of fake ballots.


I guess that would be relevant if this were fundamentally about paper ballots Vs. e-voting, but it's not really about that. The actual issue here is that this implementation of e-voting is pathetically insecure, and that this should be corrected.

Don't let that stop you from derping about some irrelevant tangential issue, though.
 
2012-11-06 03:11:49 PM
It's almost like there was a reason democrats pushed for electronic voting with no safeguards.
 
2012-11-06 03:40:58 PM

rogue49: solution - one word...
receipt.

If we're technologically capable enough to have electronic voting machines...then we can give copies.
The damn auto-check out counters have it at stores everywhere.


The ones I've personally seen do exactly that.
www.sos.arkansas.gov 

The thing in the article looks archaic and almost intentionally difficult to use.
 
2012-11-06 03:56:38 PM

Kazan: you only have to hit the big precincts.


You only have to bribe an elections official, pass laws to restrict who can vote, run robocalls to spread misinformation, harass voters, put up signs that state the date has been changed, etc. All take less time and money to achieve. And are actually being done.

Hacked voting machines? Nope.
 
2012-11-06 03:57:23 PM
Meanwhile, rigged machine?

http://tv.msnbc.com/2012/11/06/machine-turns-vote-for-obama-into-one- f or-romney/
 
2012-11-06 03:58:23 PM

China White Tea: I guess that would be relevant if this were fundamentally about paper ballots Vs. e-voting, but it's not really about that. The actual issue here is that this implementation of e-voting is pathetically insecure complicated, and that this should be corrected.


FTFA
 
Displayed 50 of 66 comments

First | « | 1 | 2 | » | Last | Show all

View Voting Results: Smartest and Funniest


This thread is archived, and closed to new comments.

Continue Farking
Submit a Link »






Report