Kapuria says attacks can accomplish three things. First, the actual vote count could be altered, but probably not on a scale to alter the outcome. Second, compromising a smattering of machines could create chaos among the electorate by casting doubt on results. And third, contaminated East Coast election results reported to news outlets could alter on a large scale whether and for whom West Coast voters cast ballots.
Varner bought an actual voting machine on an online auction site for less than $200, including shipping, using his own name and having it mailed to his home without identifying himself as a Symantec employee. That was to show that an average person with not tech security connections could buy one.
He bought commercially available reprogramming devices for $15 that let him reset the chips embedded in voter ID cards so one person could vote more than once. It could also permanently alter the chips so that when voting officials reprogrammed them to be used by other voters, they would register with the voting machine as if the same person voted over and over again.
A chip card manufacturer told him it could print them with whatever design he wanted on them, including official state seals, so it would be possible to substitute real ones with ones made by attackers but that looked similar.
Varner says voting machines use storage devices – essentially USB sticks – that perform two legitimate functions: uploading the ballots voters see on the screens and downloading the actual votes cast in the machines. These devices are plugged into each machine then manually connected to tallying devices to tote up the votes cast at all the polling places in a county, for example.
He was able to buy one and compromise it, which means an attacker could alter the ballot or have the machine count a vote for Candidate A when the voter actually pressed the button for Candidate B. The data on the storage devices was not encrypted.
Also, since the device is handled by a person between the voting machine and the tally device, it could be compromised or altered in any number of ways en route between the devices, he says. Voting machines in some states don’t print out paper tallies, so there is no way to check whether the tally recorded by individual voting machines matches the number of votes reported to the tallying device. “There’s no way to do a recount,” he says.
Some say that voting machines are not connected to the internet, but he found that some voting machines are Wi-Fi enabled so that they could be connected to the internet by an attacker. Even if they don’t have Wi-Fi, the votes could be compromised by an ambitious hacker if an upstream device, such as the tallying server, can be connected to the internet, Varner says.
Sign up for CIO Asia eNewsletters.