At DEF CON, American voting terminals were hacked in 90 minutes

Electronic voting is a good thing. There are no pieces of paper that the special commission checks for hours, no ballot boxes, nothing. Modern technologies make it possible to get rid of the confusion that usually prevails at polling stations and more or less streamline the voting process. But since electronic terminals are used here that are connected to the network, then there is a far non-zero probability of hacking these devices.

And this is not just a guess. At DEF CON , information security specialists in Las Vegas were able to crack these terminals in just an hour and a half, and the operation took even a little less time. These systems were used during the recent presidential election campaign, during which Donald Trump won.

The terminal was hacked remotely, wirelessly. According to cybersecurity experts, all of this clearly indicates the vulnerability of such devices. “There is no doubt that our voting systems are weak and vulnerable. Thanks to the efforts of our hacker community, we have learned a lot of new things, ” said one of the project participants, who proposed the idea of ​​hacking terminals to DEFCON founder Jeff Moss last year.
')
As far as one can understand, the experts did not experience any problems when hacking the system. After the results were demonstrated, one of the burglars stated the following: “The most frightening thing is that our foreign opponents, including Russia, North Korea and Iran, are quite able to break such terminals ...”


Voting devices that were used to test for vulnerabilities were purchased at eBay and various government auctions. Some of the systems use outdated software, such as un-patched OpenSSL, Windows XP and CE operating systems. As part of the systems there is the ability to install third-party software.


Another problem is that almost all such terminals are equipped with wireless communication modules, including WiFi. And just WiFi in this case is poorly protected from outside interference, because besides WEP there is no longer any protection. Researchers have discovered MS03-026 open vulnerability in some of them. Thanks to her presence, one of the crackers with DEFCON was able to access the terminal from his laptop using RDP. Another system was also hacked remotely because its software, OpenSSL, contained an unclosed CVE-2011-4109 vulnerability .


According to hackers, now in the US not all terminals from those tested on DEFCON are used. Some models are no longer included in the list of relevant devices, so you should not panic. But nevertheless, it is worth preparing more seriously for the next elections, which will be held in more than 3 years, considering the possibility of hacking.

Let me remind you that in January of this year, the elected President of the United States, Donald Trump, signed a decree on the establishment of a special commission that should study the course of the 2016 election campaign. This commission should pay maximum attention to the possible interference of outside forces in the course of elections in the country. The commission is headed by Vice President Mike Pence. He has already stated that he expects a lot from “studying the procedures for registering voters and the voting itself, which was used during the elections.”

Trump himself had previously stated that interference with the US election is very likely. He also said that in the future this probability should be eliminated so that the elections would be open and transparent: “We need a better system with which this (interference of third forces - ed.) Cannot happen.”

In general, e-voting systems should be maximally protected from hacking, including both wireless access and the ability to connect any hardware modules with further installation of third-party software. If we talk about paper voting, this is not the most reliable process, in this case it is difficult to control anything. But e-voting can really be made more reliable.