Voting Machines Lose to Hackers Again

Use Netsparker


I’m sure everyone remembers the Diebold voting fiasco with their system getting pwned multiple times. Back in May 2006 it was announced from multiple sources that the Diebold system was critically flawed.

Then more recently Hackers in the Philippines were Invited to Crack Internet Voting, which is definitely positive step to increase security in voting applications.

Now more recently it’s been announced that voting machines have lost to hackers again.

State-sanctioned teams of computer hackers were able to break through the security of virtually every model of California’s voting machines and change results or take control of some of the systems’ electronic functions, according to a University of California study released Friday.

The researchers “were able to bypass physical and software security in every machine they tested,” said Secretary of State Debra Bowen, who authorized the “top to bottom review” of every voting system certified by the state.

Thankfully this time they were state-sanctioned hackers and not black hats or anarchists. But it shows again the voting system are flawed, most likely the very architecture they are built on hasn’t been thought through properly.

Neither Bowen nor the investigators were willing to say exactly how vulnerable California elections are to computer hackers, especially because the team of computer experts from the UC system had top-of-the-line security information plus more time and better access to the voting machines than would-be vote thieves likely would have.

“All information available to the secretary of state was made available to the testers,” including operating manuals, software and source codes usually kept secret by the voting machine companies, said Matt Bishop, UC Davis computer science professor who led the “red team” hacking effort, said in his summary of the results.

Of course they wouldn’t publicly state how badly they’ve screwed up…but still it doesn’t look good.

The machines really should be de-certified, even though there was no probability analysis, or risk profiling. There are still flaws there and something needs to be done about it.

Source: SFGate

Posted in: Exploits/Vulnerabilities, Legal Issues

, , ,


Latest Posts:


Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.


Comments are closed.