At the 26th Annual DEFCON Conference in Vegas last week, attendees were reminded of US election infrastructure being susceptible to ulterior motives, by an alarming video posted on Twitter.
Thank you for covering @defcon @VotingVillageDC @inversedotcom! You’re helping to bring awareness to an important security issue that will hopefully lead to a more secure election. https://t.co/FgCjAWdVoX
— Rachel Tobac (@RachelTobac) August 14, 2018
Rachel Tobac, CEO of SocialProof Security demonstrated on her Twitter status about the voting machines hacked in under two minutes. SocialProof Security provides assessments for social engineering based security. Social engineering involves tricking people into giving up information that lets hackers bypass physical and computer security systems. It’s most commonly done with a simple phone call, talking to a tech support agent into resetting a password or getting information about a company’s network by asking an unwary staffer few leading questions.
Tobac explained that accessing the voting machine’s admin function is synonymous toopening the hood of a car with a release button, unplugging the card reader, picking a lock and turning on a machine with a ballpoint pen.
The model of voting machine used was the Premier AccuVote TS or TSX which is used in more than 18 states for elections.
Jack Braun, organizer of the Voting Village commented to the Wall Street Journal, “This is not the cyber mature industry.”
While the National Association of Secretaries of State, one of the biggest providers of election supplies in the US, issued a statement discrediting the hackers: “Our main concern with the approach taken by DEFCON is that it uses a pseudo environment which in no way replicates state election systems, networks, or physical security,” it said.
“Providing conference attendees with unlimited physical access to voting machines,” NASS said, “does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day.”
This is the second year in a row where DEFCON have hacked election systems with the Voting Village. Other experiments included an 11 year girl old hacking a replica of Florida secretary of state website and changing the results in 10 minutes.
There were suggestions to use blockchain based voting systems to maintain the integrity of elections. Regardless of its implementation this is an area of concern and should be addressed to alleviate tampering of future elections.
Also published on Medium.