At Def Con — an annual hacking conference held in Las Vegas — hackers were given the rare chance to crack into US voting machines. It took one person just 90 minutes to hack in and vote remotely on one of the machines.
http://www.businessinsider.com/def-con-hacker-voting-machine-election-hacking-2017-7Jake Braun, a former White House liaison to the Department of Homeland Security and another one of the event’s organizers, told Reuters that he hopes the convention will dispel claims from many of the companies that make the machines that they are “unhackable.”
“There’s been a lot of claims that our election system is unhackable. That's BS,” Braun said. “Only a fool or liar would try to claim that their database or machine was unhackable.”
"All of these machines are known to be hackable. This is about education." #VotingVillage@defcon
— DEFCON VotingVillage (@VotingVillageDC) July 28, 2017
Over the weekend, hackers have the opportunity to tinker with voting machines that are still used in US elections. Hackers have the freedom to test how the machines can be manipulated remotely or physically through their hardware.
Machines in the #VotingVillage include: Sequoia AVC Edge, ES&S iVotronic, Diebold TSX, Winvote, and Diebold Expresspoll 4000
— DEFCON VotingVillage (@VotingVillageDC) July 28, 2017
According to the official Twitter page of the event, one hacker was able to gain complete remote control of the operating system of a WINVote machine, including election data, in around an hour and a half.
Greetings from the Defcon voting village where it took 1:40 for Carsten Schurmann to get remote access to this WinVote machine. pic.twitter.com/1Xk3baWdxv
— Robert McMillan (@bobmcmillan) July 28, 2017
90 min after doors open: Complete remote control on the operating system level of the Winvote voting terminal (including election data).
— DEFCON VotingVillage (@VotingVillageDC) July 28, 2017
The "security" of these WINvote machines is so bad. Running WinXP, autorun enabled and hard-coded WEP wifi password. pic.twitter.com/AlOiAPcRra
— Victor Gevers (@0xDUDE) July 28, 2017
...But I thought no voting machines had wireless access? Oops. #VotingVillage
— DEFCON VotingVillage (@VotingVillageDC) July 28, 2017
Hackers also posted updates that they were able to break into Diebold machines and e-polling software within an hour.
Voter database where 1=0?? #VotingVillagepic.twitter.com/ECyuWiGTUv
— DEFCON VotingVillage (@VotingVillageDC) July 28, 2017
On the e-pollbook front: internal data structure already discovered and reverse engineered within an hour. #VotingVillage
— DEFCON VotingVillage (@VotingVillageDC) July 28, 2017
At one point, the organizers set up a competition, splitting the group into a blue team that defended a mock Board of Elections network and voter registration database, and a red team that attempted to breach them.
Harri Hursti officially starting the voting machine hacking competition #defcon25pic.twitter.com/yCLpt7DYqo
— Alfredo Ortega (@ortegaalfredo) July 28, 2017
Hackers at the event also heard from security experts and others who are working to keep election systems safe from outside influence.
"The link between the voter and elected officials cannot be broken" Amb Lute @defcon#votingvillagepic.twitter.com/M72fTwEUej
— DEFCON VotingVillage (@VotingVillageDC) July 28, 2017
Fmr. US-NATO Amb. Doug Lute: "Thanks @defcon@thedarktangent & hacker community for raising critical nat sec issue w/the @VotingVillageDC
— DEFCON VotingVillage (@VotingVillageDC) July 28, 2017
David Jefferson, talking about the complexity of election information systems @VotingVillageDCpic.twitter.com/ZXygBegCGd
— Joseph Lorenzo Hall (@JoeBeOne) July 28, 2017
Blaze said that he hopes the event will also raise awareness about the vulnerabilities of voting machines, and the need for more security.
This year's voting machine village seems like the most important and consequential thing Defcon has ever done.
— Ryan Lackey (@octal) July 28, 2017
At Def Con — an annual hacking conference held in ... (