Could e-voting machines in Election 2012 be hacked? Yes.

Despite this, among the 23 states that use touch-screen Direct-Recording Electronic (DREs) machines as a primary voting system in at least some precincts, only California, Indiana, and Ohio were rated excellent in a national report this summer by Verified Voting, a Carlsbad, Calif., nonprofit that tracks voting machine use.

The updated physical security measures are not enough, security researchers add. For example, seals that cover sensitive areas of the equipment have been repeatedly shown to be ineffective. Some don't even seal the right things.

Physically securing machines with seals is a two-edged sword, too, security experts say. If a poll worker finds a seal broken, what can be done? Votes can be recounted if the machines use paper. But if they don't, counting the votes anyway means including results that may be invalid. Not counting the votes opens the door to an even simpler way to tamper with an election: just go to places where people vote against your candidate and tamper with those machines’ seals, Penn's Dr. Blaze says.

"I'm not at all sanguine about the physical security improvements," he says. "The basic findings are still valid: These machines are prone to tampering if people that can get unattended access. Certain software changes make the attacks needed more elaborate, but the bottom line is that these machines still are subject to tampering and don't keep paper records, only electronic records that can be changed."

How a hack might happen

Rigging a national election by cyber means would require a lot of money, hacker talent, and sophistication. But it could happen in a number of ways, experts say.

For a savvy hacker, the time and access needed to infect a machine is so small that it could be done while in a voting booth. Alternately, someone wanting to alter election results could get access through a corrupt poll worker. The Stuxnet attack, reportedly a joint US-Israeli project, provides yet another – albeit more ambitious – blueprint.

That attack is believed to have first infected the computer networks of Russian or Irnaian technicians through the Internet. Then, the Stuxnet worm gained access to the Iranian nuclear program when the technicians serviced those computers with their own infected equipment. From there, it spread throughout the Iranian network. Similarly, a hacker could in theory use the Internet to target an e-voting machine company, which would then unknowingly infect its own machines when it serviced them.

Such malicious software makes it appear to users that the system is working fine when it is not ­– a so-called "man in the middle" attack because the rogue software sits between the user and the machine response, working various software levers unbeknownst to the user. A Stuxnet-like attack could spread via voter memory card to many machines, no Internet or human help needed.

"If you're considering a malicious attack, then you're dealing with an adversary that's strategic about where they're going to act," says Edward Felten, a Princeton professor who also has analyzed cybersecurity and other e-voting machine weaknesses state by state. "An attacker might look at the odds of getting away with an attack in a particular place. Where he attacks might also depend on being able to get access to a machine through a corrupt election official or in a state where defenses are weaker."

It's impossible to know if newer machines and software are really secure because their source code is largely unavailable for analysis, Dr. Felten and others say. Voting-equipment makers frequently say their software is a trade secret. But some security experts say that needs to change.

"Our goal should be an election so open and transparent, including the software,” says author Ms. Simon. "It's not so much for the winners that we need it. It's for the rest of the electorate – convincing the losers and their supporters they really did lose. That's why it's important."

Previous

1 | 2 | 3