Security Researchers Hack Online Voting System

Your Bitemaster has long been suspicious of electronic voting. Turns out he was prescient . . .

“The researchers, graduate students Eric Wustrow and Scott Wolchok, Dawn Isabel of the U-M technical staff, and Prof. Halderman, released the technical details in their paper entitled, “Attacking the Washington, D. C. Internet Voting System.”

In the paper, the researchers describe how they examined the code for the system and found a shell-injection vulnerability, exfiltered data, and created a compiler that substituted malicious ballots for genuine ones. In addition, they were able to steal the cryptographic secrets used in balloting secrecy, steal the key to replace past and future votes, and unearth 937 pages of supposedly secret passwords that actual voters were mailed to give them access to the system. They modified the system to play the Michigan fight song on the thank you page after each ballot was cast. Finally, they sanitized system logs to cover their tracks. Of additional interest, the researchers were able to take over the security cameras that monitored the voting system server. They also detected and defended against an additional attack on the system that they trace to the Persian Gulf region.”

Learned about this thanks to Alan Flacks: Security Researchers Publish Details of Online Voting Hack.

Leave a Reply

Your email address will not be published.