Computer Scientists Take Over Electronic Voting Machine with New Programming Technique (Aug. 11, 2009) — Computer scientists demonstrated that criminals could hack an electronic voting machine and steal votes using a malicious programming approach that had not been invented when the voting machine was designed.

3-computerscieThe scientists employed “return-oriented programming” to force a Sequoia AVC Advantage electronic voting machine to turn against itself and steal votes.

The computer scientists had no access to the machine’s source code—or any other proprietary information—when designing the demonstration attack. By using just the information that would be available to anyone who bought or stole a voting machine, the researchers addressed a common criticism made against voting security researchers: that they enjoy unrealistic access to the systems they study.

The computer scientists showed that an attacker would need just a few minutes of access to the machine the night before the election in order to take it over and steal votes the following day.

The attacker introduces the demonstration attack into the machine through a cartridge with maliciously constructed contents that is inserted into an unused port in the machine.

The attacker navigates the machine’s menus to trigger the vulnerability the researchers found. Now, the malicious software controls the machine. The attacker can, at this point, remove the cartridge, turn the machine’s power switch to the “off” position, and leave. Everything appears normal, but the attacker’s software is silently at work.

When poll workers enter in the morning, they normally turn this type of voting machine on. At this point, the exploit would make the machine appear to turn back on, even though it was never actually turned off.

They overwrote the computer’s memory and state so it does what they want it to do, but if you shut off the machine and reboot from ROM, the exploit is gone and the machine returns to its original behavior.

Leave a Reply

Your email address will not be published. Required fields are marked *