Technology Review - Published By MIT
Technology Review  in English | en Español | auf Deutsch | in Italiano | 中文 | in India
Advertisement

How to Hack an Election in One Minute

Princeton U. researchers have released a study and video that demonstrate the ease of altering votes on an electronic voting machine.

By Daniel Turner

Monday, September 18, 2006
smaller text tool iconmedium text tool iconlarger text tool icon

On September 13, researchers at Princeton University's Center for Information Technology Policy (CITP) released a study detailing their successful attempt to hack a Diebold AccuVote-TS, one of the most widely used voting machines in the United States. The researchers, Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten, also posted a demonstration video of their hack.

The CITP is not the first group to demonstrate the vulnerability of Diebold's machines. BlackBoxVoting.org, Open Voting Foundation, and Johns Hopkins computer science professor Avi Rubin have all published accounts of security compromises in Diebold products. BlackBoxVoting.org wrote about their successful guerrilla project to swap out a Diebold voting machine's memory card using $12 worth of tools in four minutes (the Princeton team says it can execute its hack in one minute).

But the previous reports simply highlighted potential holes in the Diebold machines' security. The CITP study shows exactly how entire voting systems could be not just rendered inoperable, but deliberately hacked to rig an election. In fact, the CITP group developed a simple software virus to do just that, along with a method of deploying it.

The group's study had three main findings. First, the CITP group discovered that not only could it install malicious code on the voting machine, but also that the code could easily be configured to "disappear" once its work was done, leaving no trace of tampering; the electronic and paper records produced by the voting machine would agree--and both be wrong.

Second, they found that physically hacking into the machine and its memory card was easy, as BlackBoxVoting.org had also discovered. The Diebold AccuVote and similar machines rely on a removable memory card for storing vote counts and uploading new system software. The CITP team was able to remove the card, replace it with one of their own, and reboot the machine, causing it to automatically install the software they had placed on the memory card--the software that could fix election results.

Story continues below


The CITP's third finding was that its virus code could spread. The CITP showed that an infected machine could infect its original memory card, once the card was returned to the machine. Furthermore, the infected memory card, inserted into another voting machine, would infect that machine and then its memory card, and so on. In normal election procedures, memory cards are taken out of all voting machines and placed into one machine, which acts as an "accumulator" for tallying the total votes in a precinct. "By planting a virus far enough in advance, [a hacker] can ensure that a significant number of machines can steal votes on election day" even if the criminal had access to only one voting machine, says the narrator of the demonstration video.

"It's like the old days, when viruses were spread on floppy disks," says Princeton's Felten.

Tags

e-voting election voting machine voting technology

Related Articles

Comments
  • Not even a second tape
    Cash registers have two printers - one with the customer receipt, a second with the accounting receipt.

    The accounting receipt is in a hidden compartment.  If the machines had a kept receipt which displayed through a lens the vote just cast, the voter could easily verify that that vote was recorded on the receipt correctly.

    Then any fraud would have to make artificial copies of these vote-by-vote tapes to successfully steal votes - stealing the electronic votes would beuseless because a hand cound would catch it.
    Rate this comment: 12345

    wizwom
    09/18/2006
    Posts:8
    Avg Rating:
    4/5
  • paper, and paper alone
    will provide voters with confidence that their votes have been recorded correctly. Electronic voting machines are "black boxes" that cannot ever be trusted completely. Let's not be in such a hurry -- we should vote on paper and take as many days as necessary to count the ballots by hand. The television networks would love it -- 5 days of suspense on which they could report, instead of just a few hours!
    Michael Rodemer
    Rate this comment: 12345

    rodemer
    09/18/2006
    Posts:3
    • Re: paper, and paper alone
      In Canada we use paper ballots.  At the end of the polling day, we count them up (about 1-1.5 hrs at the most), phone in our results to the constituency office who holds the results till they all come in, who then calls in the results to the federal election office.  Results are known within 2 hrs of poll close, so by 11pm Pacific, we know who won the election and what the results were.  This is with paper - very easy, very reliable and doesn't take 5 days to get results.  The whole electronic thing seems to be more about the "cool" factor than the election's integrity and infallibility.
      Rate this comment: 12345

      darronre
      09/18/2006
      Posts:1
  • Misdirected effort
    It is easy to snype at a developed technology and find flaws. The chalange for you is to find ways to make this technology secure. I am getting tired of the fault finders. If they are so smart, find a way to secure the process. I believe that many "hackers" have a low self esteem. They are compelled to find fault with others, rather than take the risk to develop something themselves. But then, someone will be snyping at them.
    Rate this comment: 12345

    gasper@almap...
    09/18/2006
    Posts:2
    • Re: Misdirected effort
      Please remember that in order to make devices like this secure, it is necessary to hack it in order to expose the flaws. The Diebold machines deserve a special emphasis since the company and its employees are big financial supporters of the current administration which has certainly been the subject of controversy on its election tactics.
      Rate this comment: 12345

      JH
      09/18/2006
      Posts:8
      • Re: Misdirected effort
        Aren't you tired of taking a flaw in an vote counting machine and turning that into a political statement? You are suggesting that the engineers at Doiebold are complicit in a conspiracy to defraud the people. The Dieblod engineers probably went to MIT. I am positive that MIT does not encourage or promote duplicity. If you don't have a solution, stop complaining. I am tired of the widespread negativity that pervades this industry. As educated engineers we should applaud innovation and work to make it better. Sitting on the sidelines and criticizing is not productive. As a nation we respect the innovators, when was the last time you saw a statue to a critic?
        Rate this comment: 12345

        gasper@almap...
        09/19/2006
        Posts:2
  • totally unnecessary
      The saddest part of all this is that this situation need never have arisen in the first place.   Altera offers their Stratix II GX  FPGA line, which includes an onboard 128 bit AES encryption system which will *ONLY* accept initilization code from a source that has properly encrypted the code with a key that is built into a one time programmable register in the FPGA.  The register, and the decrypted initialization code are not accessible from outside the FPGA, so the code is as secure as anything *CAN* be.  The likelihood of anyone finding a means of altering the control code of the voting machine is virtually nil.

       Moreover, the cost of these FPGAs is quite low, not that cost should be a consideration in a crucial and sensitive application such as this one.

       Diebold is and has been aware of the flaws and deficits in thier design all along, and ought to be required to refund every penny customers have spent in purchasing these machines.

       Releasing these clearly flawed machines was a deliberate, cynical and self-serving social crime on the part of Diebold and its executives.

       Voting machines should never be allowed to be proprietary designs.  There is far too much secrecy in proprietary products, and such secrecy leads to the sorts of problems being seen in this instance.  A Federal Design Commission ought to be appointed to design a voting machine that is tamper proof, verifiable, and has an open architecture, permitting ANY citizen to review and critique the design.

       Open Source is the answer to the problem of reliable, trustworthy electronic voting machines.  No proprietary design, developed by a corporation with profit as its primary goal, can be trusted sufficiently for this crucial and highly sensitive application.  Even if we work on the assumption that a corporation would not deliberately allow a flawed design to go forward, out of social responsibility, the drive for profitability and time to market leaves too many holes, through which flaws and questionable designs can slip inadvertantly, due to the commercial focus necessary in a corporate environment.
    Rate this comment: 12345

    avrFreak
    09/18/2006
    Posts:5
    Avg Rating:
    5/5
  • Paper works fine
    It is strange to hear about the problems introduced by electronic voting when paper voting remains the most reliable system. Who is pushing the electronic voting agenda and what do they seek to gain from it?
    Rate this comment: 12345

    nukeisrael
    09/18/2006
    Posts:1
    • Re: Paper works fine
      Since this is a "technology review" site, I'm sure nukeisrael can provide citations of articles which show that inherent errors are less for paper voting than for electronic voting.  I, for one, would be interested in seeing this data.

      Also, there are many other vendors that do provide a "dual" paper record (VVPAT) system.  It generally consists of a secure scorlling printer receipt veiwable by the voter.  The voter reviews the entire paper receipt before submitting the ballot.  There is a second record kept in the machine (which can be printed out from the machine) and a third record stored on a memory cartridge.

      I think this kind of research does have merit, but the "hacks" need to be reported in context, and with regard to what other safeguards may/should be in place during an election. 

      I can hack a paper ballot box with a laser printer and a pen...  Give me unfettered access to the "box" where the ballots go, and I can swap out 100% of the paper ballots with my own.
      Rate this comment: 12345

      DocG
      09/19/2006
      Posts:1
  • Polite Engineers
    Tired of all the sniping and negativity? My! my! my!
    Voting machines counting backwards, changing votes
    right in front of the voters eyes. But we mustn't,
    mustn't speak of such troubling possibilities,
    must we(we of the software engineers).
    Rate this comment: 12345

    longnow
    09/24/2007
    Posts:3
  • Fire Sale
    It's been said that Diebold has tried to
    sell off its electronic voting machine division
    with no takers. I wonder why.
    Rate this comment: 12345

    longnow
    09/24/2007
    Posts:3
Reply

Log In

Forgot your password?     Register »
Advertisement

Videos
Latest Videos
Malleable Maps, Artistic Robots and Bubble Interfaces

Top Stories Of The Day

Technology Review January/February 2010

Current Issue

Security in the Ether
Information technology's next grand challenge will be to secure the cloud--and prove we can trust it.
Advertisement
Advertisement

RSS Feeds

xml icon TR Top Stories
xml icon TR Editors' Blog
xml icon TR Video Blog
xml icon TR Video
Advertisement
Subscribe to Technology Review's daily e-mail update. Enter your e-mail address

TECHNOLOGY RESOURCES
Advertisement
MIT Massachusetts Institute of Technology © 2010 Technology Review. All Rights Reserved.