At Def Con — an annual hacking conference held in Las Vegas — hackers were given the rare chance to crack into US v****g machines. It took one person just 90 minutes to hack in and v**e remotely on one of the machines.
http://www.businessinsider.com/def-con-hacker-v****g-machine-e******n-hacking-2017-7Jake Braun, a former White House liaison to the Department of Homeland Security and another one of the event’s organizers, told Reuters that he hopes the convention will dispel claims from many of the companies that make the machines that they are “unhackable.”
“There’s been a lot of claims that our e******n system is unhackable. That's BS,” Braun said. “Only a fool or liar would try to claim that their database or machine was unhackable.”
"All of these machines are known to be hackable. This is about education." #V****gVillage@defcon
— DEFCON V****gVillage (@V****gVillageDC) July 28, 2017
Over the weekend, hackers have the opportunity to tinker with v****g machines that are still used in US e******ns. Hackers have the freedom to test how the machines can be manipulated remotely or physically through their hardware.
Machines in the #V****gVillage include: Sequoia AVC Edge, ES&S iVotronic, Diebold TSX, Winv**e, and Diebold Expresspoll 4000
— DEFCON V****gVillage (@V****gVillageDC) July 28, 2017
According to the official Twitter page of the event, one hacker was able to gain complete remote control of the operating system of a WINV**e machine, including e******n data, in around an hour and a half.
Greetings from the Defcon v****g village where it took 1:40 for Carsten Schurmann to get remote access to this WinV**e machine. pic.twitter.com/1Xk3baWdxv
— Robert McMillan (@bobmcmillan) July 28, 2017
90 min after doors open: Complete remote control on the operating system level of the Winv**e v****g terminal (including e******n data).
— DEFCON V****gVillage (@V****gVillageDC) July 28, 2017
The "security" of these WINv**e machines is so bad. Running WinXP, autorun enabled and hard-coded WEP wifi password. pic.twitter.com/AlOiAPcRra
— Victor Gevers (@0xDUDE) July 28, 2017
...But I thought no v****g machines had wireless access? Oops. #V****gVillage
— DEFCON V****gVillage (@V****gVillageDC) July 28, 2017
Hackers also posted updates that they were able to break into Diebold machines and e-polling software within an hour.
V**er database where 1=0?? #V****gVillagepic.twitter.com/ECyuWiGTUv
— DEFCON V****gVillage (@V****gVillageDC) July 28, 2017
On the e-pollbook front: internal data structure already discovered and reverse engineered within an hour. #V****gVillage
— DEFCON V****gVillage (@V****gVillageDC) July 28, 2017
At one point, the organizers set up a competition, splitting the group into a blue team that defended a mock Board of E******ns network and v***r r**********n database, and a red team that attempted to breach them.
Harri Hursti officially starting the v****g machine hacking competition #defcon25pic.twitter.com/yCLpt7DYqo
— Alfredo Ortega (@ortegaalfredo) July 28, 2017
Hackers at the event also heard from security experts and others who are working to keep e******n systems safe from outside influence.
"The link between the v**er and elected officials cannot be broken" Amb Lute @defcon#v****gvillagepic.twitter.com/M72fTwEUej
— DEFCON V****gVillage (@V****gVillageDC) July 28, 2017
Fmr. US-NATO Amb. Doug Lute: "Thanks @defcon@thedarktangent & hacker community for raising critical nat sec issue w/the @V****gVillageDC
— DEFCON V****gVillage (@V****gVillageDC) July 28, 2017
David Jefferson, talking about the complexity of e******n information systems @V****gVillageDCpic.twitter.com/ZXygBegCGd
— Joseph Lorenzo Hall (@JoeBeOne) July 28, 2017
Blaze said that he hopes the event will also raise awareness about the vulnerabilities of v****g machines, and the need for more security.
This year's v****g machine village seems like the most important and consequential thing Defcon has ever done.
— Ryan Lackey (@octal) July 28, 2017
At Def Con — an annual hacking conference held in ... (