REAL WORLD EVENT DISCUSSIONS

Which voting machines can be hacked?

POSTED BY: CAPTAINCRUNCH
UPDATED: Wednesday, July 17, 2019 12:00
SHORT URL:
VIEWED: 977
PAGE 1 of 1

Wednesday, July 17, 2019 11:38 AM

CAPTAINCRUNCH

... stay crunchy...


All of them.

https://freedom-to-tinker.com/2016/09/20/which-voting-machines-can-be-
hacked-through-the-internet
/

SEPTEMBER 20, 2016 BY ANDREW APPEL
Over 9000 jurisdictions (counties and states) in the U.S. run elections with a variety of voting machines: optical scanners for paper ballots, and direct-recording “touchscreen” machines. Which ones of them can be hacked to make them cheat, to transfer votes from one candidate to another?
The answer: all of them. An attacker with physical access to a voting machine can install fraudulent vote-miscounting software. I’ve demonstrated this on one kind of machine, others have demonstrated it on other machines. It’s a general principle about computers: they run whatever software is installed at the moment.

So let’s ask:
Which voting machines can be hacked from anywhere in the world, through the Internet?
Which voting machines have other safeguards, so we can audit or recount the election to get the correct result even if the machine is hacked?

The answers, in summary:
Older machines (Shouptronic, AVC Advantage, AccuVote OS, Optech-III Eagle) can be hacked by anyone with physical access; newer machines (almost anything else in use today) can be hacked by anyone with physical access, and are vulnerable to attacks from the Internet.

Optical scan machines, even though they can be hacked, allow audits and recounts of the paper ballots marked by the voters. This is a very important safeguard. Paperless touchscreen machines have no such protection. “DRE with VVPAT” machines, i.e. touchscreens that print on paper (that the voter can inspect under glass while casting the ballot) are “in between” regarding this safeguard.

The most widely used machine that fails #1 and #2 is the AccuVote TS, used throughout the state of Georgia, and in some counties in other states.
And now, the details.
To hack a voting machine remotely, you might think it has to be plugged in to the Internet. Most voting machines are never plugged directly into the Internet. But all voting machines must accept electronic input files from other computers: these “ballot definition files” tell the vote-counting program which candidates are on the ballot. These files are transferred to the voting machine, before each election, by inserting a cartridge or memory card into the voting machine. These cartridges are prepared on an Election Management System (EMS) computer. If that computer is hacked, then it can prepare fraudulent ballot-definition cartridges. Are those EMS computers ever connected to the Internet? Most of them probably are, from time to time; it’s hard to tell for sure, given the equivocations of many election administrators.

The ballot definition is (supposed to be) just data, not a computer program. So how could it convey and install a new (fraudulent) vote-counting program onto the voting machine?
Voting machines designed in the 1980s (Shouptronic, AVC Advantage, AccuVote OS, Optech-III Eagle) store their programs in EPROM (Erasable Programmable Read-Only Memory). To install a new program, you need to remove the EPROM chips from the motherboard and install new ones. (Then you can reprogram and reuse the old ones using an EPROM “burner” device.) Those machines are not likely hackable through the Internet, even indirectly via corrupted EMS computers. (What if the EMS sends fraudulent ballot definition cartridges? This should be detectable through pre-election Logic and Accuracy testing, if it’s thorough. And in some cases it can be detected/corrected even after the election.)

Voting machines designed in the 1990s and 2000s took advantage of a new nonvolatile storage technology that we now take for granted: flash memory. They don’t use EPROMs to store the vote-counting program, it’s kept in flash. That flash memory is writable (reprogrammable) from inside the voting computer.

Almost any kind of computer needs a mechanism to install software updates. For most voting computers that use flash memory, the upgrade process is simple: install a cartridge that has the new firmware. For example, the Diebold AccuVote TS examines the ballot-definition cartridge; if there’s a file present called fboot.nb0 instead of (or in addition to) the ballot-definition file, then it installs fboot.nb0 as the new bootloader! Using this mechanism, it’s easy and convenient to install new firmware, but it’s also easy and convenient to install fraudulent vote-counting programs.
It’s not just the AccuVote TS that installs new firmware this way. This technique was industry-standard for all kinds of equipment (not just voting machines) in the 1990s. We can assume that it’s used on all voting computers that use flash memory. (One might imagine–one might hope–that after the voting-equipment industry came to understand this issue by reading the Feldman et al. paper, they would use a cryptographic authentication mechanism to accept only digitally signed firmware updates. But since the voting-equipment designers undoubtedly connect their own computers to the Internet, determined hackers could infiltrate and steal the signing keys.)
Some recent voting machines use PDF files as part of ballot definitions; PDF can contain all sorts of executable content through which hack attacks can be mounted.
For more information . . .
You can find out what voting machines are used in your state and county, and you can also find descriptions of the voting machines. And remember, those paper ballots only protect against hacking if someone actually looks at (some of) them in an audit.

https://freedom-to-tinker.com/2016/09/20/which-voting-machines-can-be-
hacked-through-the-internet
/

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

Wednesday, July 17, 2019 12:00 PM

6IXSTRINGJACK


Quote:

Originally posted by captaincrunch:
All of them.



I see you already beat me to it.

I've argued against the goddamned things ever since they came out.

Do Right, Be Right. :)

NOTIFY: Y   |  REPLY  |  REPLY WITH QUOTE  |  TOP  |  HOME  

YOUR OPTIONS

NEW POSTS TODAY

USERPOST DATE

OTHER TOPICS

DISCUSSIONS
China
Thu, March 28, 2024 22:10 - 447 posts
Biden
Thu, March 28, 2024 22:03 - 853 posts
Elections; 2024
Thu, March 28, 2024 21:07 - 2072 posts
Russia says 60 dead, 145 injured in concert hall raid; Islamic State group claims responsibility
Thu, March 28, 2024 21:02 - 54 posts
In the garden, and RAIN!!! (2)
Thu, March 28, 2024 17:24 - 3413 posts
Russia Invades Ukraine. Again
Thu, March 28, 2024 17:20 - 6155 posts
BUILD BACK BETTER!
Thu, March 28, 2024 16:32 - 9 posts
Well... He was no longer useful to the DNC or the Ukraine Money Laundering Scheme... So justice was served
Thu, March 28, 2024 12:44 - 1 posts
Salon: NBC's Ronna blunder: A failed attempt to appeal to MAGA voters — except they hate her too
Thu, March 28, 2024 07:04 - 1 posts
Russian losses in Ukraine
Wed, March 27, 2024 23:21 - 987 posts
human actions, global climate change, global human solutions
Wed, March 27, 2024 15:03 - 824 posts
NBC News: Behind the scenes, Biden has grown angry and anxious about re-election effort
Wed, March 27, 2024 14:58 - 2 posts

FFF.NET SOCIAL