SoylentNews is people

posted by martyb on Thursday April 16 2015, @04:22PM
from the Bzzzt!-Bzzzt! dept.

The Virginia election commission, which is responsible for certifying whether machines are fit to be used in elections, has decertified the Advanced Voting Solutions WINVote and for many very good reasons. Amongst the many security flaws in this product are:

  • Weak administrator passwords such as "admin" or "abcde"
  • Use of an embedded version of Windows XP which hasn't been updated since 2004
  • Use of WEP for Wi-Fi encryption
  • An absence of any firewall

Worse still, this machine has been used in actual elections and its lack of any logging or record-keeping means that we'll never know if its weaknesses were used to manipulate the outcome of an election. As a proof of concept, security researchers successfully demonstrated accessing the machine and manipulating the recorded vote counts.

  • (Score: 4, Interesting) by SubiculumHammer on Thursday April 16 2015, @05:06PM

    by SubiculumHammer (5191) on Thursday April 16 2015, @05:06PM (#171649)

    Criminal.
    It is worth repeating.

    • (Score: 5, Funny) by mhajicek on Thursday April 16 2015, @05:58PM

      by mhajicek (51) on Thursday April 16 2015, @05:58PM (#171676)

      But they're so much more convenient! It used to be that voting officials would have to physically swap out boxes of ballots and dispose of the originals.

      --
      The spacelike surfaces of time foliations can have a cusp at the surface of discontinuity. - P. Hajicek
      • (Score: 2) by captain normal on Thursday April 16 2015, @08:47PM

        by captain normal (2205) on Thursday April 16 2015, @08:47PM (#171726)

        Not to mention saving the hassle of going into all those graveyards and copying down names to register.

        --
        When life isn't going right, go left.
        • (Score: 0) by Anonymous Coward on Friday April 17 2015, @12:34PM

          by Anonymous Coward on Friday April 17 2015, @12:34PM (#171989)

          So you advocate discrimination against the dead? :-)

  • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @05:17PM

    by Anonymous Coward on Thursday April 16 2015, @05:17PM (#171657)

    Not only is security a concern, but the fact that the government is making use of proprietary software here is disgusting. They should be using free software.

    • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @06:34PM

      by Anonymous Coward on Thursday April 16 2015, @06:34PM (#171685)

      consider using caps for Free Software. Otherwise, you can't really blame people for thinking you mean gratis software.

      • (Score: 2, Insightful) by Anonymous Coward on Thursday April 16 2015, @06:56PM

        by Anonymous Coward on Thursday April 16 2015, @06:56PM (#171691)

        I wonder why it isn't 'Freedom Software'.

        • (Score: 3, Interesting) by hendrikboom on Thursday April 16 2015, @07:25PM

          by hendrikboom (1125) on Thursday April 16 2015, @07:25PM (#171695)

          Maybe we should start calling it that systematically.
          It might catch on.
          Start the meme.

          -- hendrik

        • (Score: 2) by Wootery on Friday April 17 2015, @04:31PM

          by Wootery (2341) on Friday April 17 2015, @04:31PM (#172095)

          Somewhat catchier than software which is free-as-in-freedom, but I don't feel it really works.

          Freed software suffers the same problem.

  • (Score: 5, Insightful) by Freeman on Thursday April 16 2015, @05:20PM

    by Freeman (732) on Thursday April 16 2015, @05:20PM (#171660)

    I would call it more shocking that someone found the issues and actually Did something about it.

    --
    Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 5, Interesting) by Mr Big in the Pants on Thursday April 16 2015, @07:41PM

      by Mr Big in the Pants (4956) on Thursday April 16 2015, @07:41PM (#171704)

      To be quite frank it would appear that this machine was willfully insecure.

      I mean it has so many easily available back doors it is like....ok not going to go there.

      I mean does anyone actually believe that such a machine was created that way by accident?

      No logs or records!? WinXP!?

      Seriously?

      So in other words, not shocking at all since it was made at the behest of obviously corrupt officials.

      • (Score: 3, Interesting) by Hairyfeet on Thursday April 16 2015, @10:41PM

        by Hairyfeet (75) <{bassbeast1968} {at} {gmail.com}> on Thursday April 16 2015, @10:41PM (#171765)

        I believe the saying is "Never ascribe to malice that which is adequately explained by incompetence." Patches cost money, updating your embedded OS costs money, and as long as you can get away with doing neither you increase your profits. Hell we have seen the same thing in pretty much every use of an embedded OS, how many times have we seen big name routers get pwned because they were using some ancient Linux kernel or Busybox tools that had been exploited years ago?

        The moral of the story is if a company can get away with doing as little as possible? They will as it increases profits.

        --
        ACs are never seen so don't bother. Always ready to show SJWs for the racists they are.
        • (Score: 2) by Mr Big in the Pants on Thursday April 16 2015, @11:17PM

          by Mr Big in the Pants (4956) on Thursday April 16 2015, @11:17PM (#171775)

          That is a rule of thumb not a fundamental law of the universe...

        • (Score: 3, Funny) by stormwyrm on Friday April 17 2015, @04:37AM

          by stormwyrm (717) on Friday April 17 2015, @04:37AM (#171881)

          No the saying that is most apropos to this situation is: "Any sufficiently advanced incompetence is indistinguishable from malice."

          --
          Numquam ponenda est pluralitas sine necessitate.
    • (Score: 3, Insightful) by Joe Desertrat on Friday April 17 2015, @01:40AM

      by Joe Desertrat (2454) on Friday April 17 2015, @01:40AM (#171832)

      > I would call it more shocking that someone found the issues and actually Did something about it.

      The saddest thing about your post is that no one is probably even thinking about claiming it is not true.

  • (Score: 2) by Marneus68 on Thursday April 16 2015, @05:42PM

    by Marneus68 (3572) on Thursday April 16 2015, @05:42PM (#171669)

    > WINVote Voting Machines Used in Virginia Elections are Shockingly Insecure
    Not just insecure, but shockingly insecure? Maybe someone should just give them access to the internet so that they can start using twitter to complain about unreal standards of beauty and argue about racism on tumblr.

    https://www.youtube.com/watch?v=SKuE5-pEo2Y [youtube.com]

    • (Score: 4, Funny) by Alfred on Thursday April 16 2015, @07:26PM

      by Alfred (4006) on Thursday April 16 2015, @07:26PM (#171696)
      Maybe shockingly insecure means that there are bare conductors or the metal case is tied to neutral instead of ground.
    • (Score: 4, Insightful) by Nobuddy on Thursday April 16 2015, @09:17PM

      by Nobuddy (1626) on Thursday April 16 2015, @09:17PM (#171733)

      Did you read the article? It is shocking. It would be bad on grandma's home computer. It is beyond belief that something as important as a voting machine has hardcoded 5 character passwords- much less easy to guess passwords - and all communicating via WEP to a home server that is equally insecure.

      It would have been shocking to hear this in 2004 when they were new. Now, 14 years later, every election they were used in is now suspect.

  • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @06:54PM

    by Anonymous Coward on Thursday April 16 2015, @06:54PM (#171689)

    the election commission should be educated one way or another but i can imagine that even if they requested bids from multiple companies they would get these slaveware selling charlatans all professing how secure their machines were and since the commission's "computer person" couldn't tell the difference, they just went with the cheapest option. until Free Tech is taught to kids/in school, this culture of utter stupidity will continue. It's an actual matter of national security while the traitors in washington try to compromise the security of the whole nation's tech via backdoors and other treachery. all with the blessing of the moronic whores in congress.

    • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @07:36PM

      by Anonymous Coward on Thursday April 16 2015, @07:36PM (#171701)

      The thing is even with 'free' you can *still* screw it up. Think about how many LG and Samsung TVs are out there. Now think about this. Many of them are 5-10 years old and have an equally old copy of linux running on them (for example my TV has not had an update in 4 years). What sort of security is in that?! Think how many routers out there that have 1-2 updates then are EOL. This is what 'normal' people buy.

      http://www.devttys0.com/2015/04/what-the-ridiculous-fuck-d-link/ [devttys0.com]

      The basis of many routers is linux... I have been digging thru that particular blog because it has some pretty cool things on reverse engineering. I saw one a month or so ago on another blog of a dude who completely 100% rooted the bluray usb drive he had. As in he could run whatever code he wanted in the controllers and snoop the data right off the laser.

      The thing is we are asking people who do not even know what a computer hack is to buy hardware that needs to be secure and updates to keep it that way. They do not even know the right vocabulary to ask for the right things. Much less actually make it happen. Then on top of that have a dedicated very smart guy on staff to reverse engineer it and certify it.

      Like when I describe these things to my wife. She looks at me like I have a screw loose. I am not even using the same vocabulary as her when I talk to her about these sorts of things. We assume everyone is knowledgeable because we are. When the reality is we need to bring it to their level and they need to come up a bit to ours just so we can stress how bad these things are.

      • (Score: 2) by Nobuddy on Thursday April 16 2015, @09:19PM

        by Nobuddy (1626) on Thursday April 16 2015, @09:19PM (#171734)

        I am pretty sure your TV, if cracked, will not change the outcome of an election.
        you have to look at how much something should be secured when you want to compare them.

        • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @10:06PM

          by Anonymous Coward on Thursday April 16 2015, @10:06PM (#171754)

          My point is people are thinking of these things like appliances. You buy it and it's done. When that is not even remotely true. These are the same people who buy things like a TV and figure it's good for 10-15 years.

          Also personal security is just as important as some election. Most of the people that are elected are fairly corrupt anyway so it does not matter much which side of the coin you are voting for.

  • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @06:55PM

    by Anonymous Coward on Thursday April 16 2015, @06:55PM (#171690)

    Instead of dedicated terminals, install Windows 8 touchpads with custom software! :) :P

    But seriously, sounds like a classic case of people not competent or qualified to buy technology buying technology? (As in, "When will this platform become obsolete / how long can we expect to use it for?" and, "What's the support commitment on your product to remain secure?")

  • (Score: 2) by jcross on Thursday April 16 2015, @07:28PM

    by jcross (4009) on Thursday April 16 2015, @07:28PM (#171697)

    Does the name of this thing give anyone else the creeps? It's like "buy this machine to WIN votes!" Seems to me like in a better world voting machines would be branded to promote their fairness and accuracy, and would avoid suggesting any connection with who actually wins or loses.

  • (Score: 4, Informative) by CirclesInSand on Thursday April 16 2015, @07:40PM

    by CirclesInSand (2899) on Thursday April 16 2015, @07:40PM (#171702)

    If you've never seen a comparison of regulations of voting machines to slot machines, check out this image:

    http://imgur.com/gallery/v6m70 [imgur.com]

  • (Score: 2, Insightful) by Anonymous Coward on Thursday April 16 2015, @08:03PM

    by Anonymous Coward on Thursday April 16 2015, @08:03PM (#171709)

    No system is immune to rigging, not even hand-counting of paper ballots. But there is a way to do e-voting that minimizes the risk while still maximizing the benefits of e-voting (primarily ease of voting, ease of counting and reduced error rates like hanging chads).

    It's a two part process:
    part 1: the voting-machine
        . has a really good user-interface, different versions for people with different first languages,
                visual disabilities (like extra large fonts for people who need, etc).
        . prints completed ballot on paper in human-friendly (no barcodes, only shows minimum
                necessary data for selected candidates)
        . but also OCR-friendly form - fonts, layout etc designed to minimize OCR errors
        . human visually checks paper ballot and inserts it into ballot box

    part 2: the vote counting machine
        . scans each ballot
        . high confidence scans are immediately tabulated
        . low confidence scans go to a human to visually inspect and manually count
        . all ballots marked with indelible timestamp when tabulated (not necessarily when inserted into ballot box)
        . all ballots retained for recounts

    No additional automation can improve on the integrity of that process without also significantly increasing the risk of fraud

    • (Score: 0) by Anonymous Coward on Thursday April 16 2015, @09:29PM

      by Anonymous Coward on Thursday April 16 2015, @09:29PM (#171740)

      I have come to a similar conclusion. My method is slightly different and only uses one machine.

      Each voting machine is un-networked standalone and any IO (apart from that required to vote) is inside a physical locked safe (which the returning officer has the key to). The device has a card reader and physical context sensitive screen edge buttons (like an ATM)

      1) The voter enters the hall, their ID is checked against a register and they are given a card with a unique code (randomly).
      2) The voter scans their card and the machine assigns them an anonymous unique ID (AUID) (the value on the card). The card is retained but not destroyed.
      3) The voter selects usability (language) choices.
      4) The voter goes through and selects a choice for all ballots currently being run.
      5) A receipt ballot is printed and displayed to the voter through a secure transparent window.
      6) The voter uses a lever to move the ballot either to the "incorrect" [goto 7a] bin or the "correct" bin [goto 7b].
      7a) The ballot is made unreadable by moving the lever and dropped into "incorrect" bin. User is taken to step 3.
      7b) The ballot falls into opaque "correct" bin.
      8) The machine stores in a signed list the voter's AUID, and choices and destroys their card (from step 1).

      At any time before step 5, the voter can press "cancel" and receive back their voting card.

      At the end of the voting session the returning officer downloads information from the machine to a secure device and collates all data from voting machines.
      The Returning officer reports these "initial" values through the same channels as current values are reported.

      Some machines are randomly selected after the voting and a manual count is performed on the printed values. These must tie up to the machine count within an acceptable margin of error (to allow for human error in counting.)
      or a full manual count is triggered.

      Any registered voter can demand a re-count.

      If the counts match within the human error bar the machine count holds.

      For close runs (within human error bar), a more elaborate counting structure may be used (i.e. triple counting to minimize error)

      Until recounts are completed the machine count holds, people can act as if elected on all matters except the voting procedure.

      The returning officer later confirms or resubmits counts.

    • (Score: 2) by c0lo on Thursday April 16 2015, @10:33PM

      by c0lo (156) on Thursday April 16 2015, @10:33PM (#171762)

      Missing from your scheme: auditability.

      Is it necessary? Well, at multiple steps in your scheme an attack can be arranged (letting aside breaking the security of the computers).
      For instance, counting low confidence scans (phase 2, 3rd bullet), I can buy the sole human you put in charge as decider to swindle the votes my way and arrange a good proportion of scans to be "low confidence" (just run some slightly greasy ballots through it, nothing a human would consider conspicuous).
      (I can imagine many other ways of attack, the above is only one example)

      Normally, the voter should be able to verify independently that her vote was not altered when it comes to counting. So, the voter would need to get a voting receipt that she can use with a/the central system to validate it. The receipt should contain a hash of her vote - to preserve the "vote secrecy" (she cannot prove how she voted to any 3rd party, to eliminate vote influence by directly buying them or by coercion).

      > No additional automation can improve on the integrity of that process without also significantly increasing the risk of fraud

      For advanced topics, a suggested start for your research: end-to-end auditable voting systems [wikipedia.org]

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
      • (Score: 0) by Anonymous Coward on Friday April 17 2015, @05:14AM

        by Anonymous Coward on Friday April 17 2015, @05:14AM (#171891)

        > Missing from your scheme: auditability.

        That is what manual recounts are for.

        > counting low confidence scans (phase 2, 3rd bullet), I can buy the sole human you put in charge

        I really hate when people try to tear down ideas by playing dumb. Of course ambiguous votes would be inspected by a team with a member from every party.

        > So, the voter would need to get a voting receipt that she can use with a/the central system to validate it.
        > The receipt should contain a hash of her vote

        Not useful. For one thing, we don't currently have an analog equivalent and it's not a major problem, for a second if it were a significant attack vector the attackers would just fake out the hash, which as you've proposed it is nothing more than a serial number. Just because the system says "yes this serial number is in the system" doesn't prove that it was actually counted.

        • (Score: 2) by c0lo on Friday April 17 2015, @12:43PM

          by c0lo (156) on Friday April 17 2015, @12:43PM (#171991)

          > would just fake out the hash, which as you've proposed it is nothing more than a serial number. Just because the system says "yes this serial number is in the system" doesn't prove that it was actually counted.

          You know what a hash of the vote is? You take the serial of the ballot, concat the chosen option on the ballot and the timestamp, and apply a hash function [wikipedia.org]. You print that hash on a piece of paper (transparent plastics would be better) to act as a receipt which you hand to the voter (make it a QR code, if you like). The voter can ask the central system, based on the serial number of the ballot, to regenerate the hash on all the recorded info at any time: if any info was changed, there's no way the hash will be the same (if the hash is printed on transparent plastic, the voter needs just to overlap it over an image on the screen for comparison).

          > Not useful. For one thing, we don't currently have an analog equivalent and it's not a major problem

          But it's still a problem. Since you can use the very technology you proposed to address it, why not take the opportunity?

          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
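
The receipt check described in the comment above, together with the objection quoted in it, as an added example (not code from any poster or from a real voting system). The `CentralSystem` class, the field encoding, SHA-256 and the sample ballots are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class BallotRecord:
    serial: str     # ballot serial number
    choice: str     # option chosen on the ballot
    timestamp: str  # time the ballot was recorded


def vote_hash(rec):
    """SHA-256 over serial, choice and timestamp, each length-prefixed so
    that shifting a character between fields cannot yield the same input."""
    h = hashlib.sha256()
    for field in (rec.serial, rec.choice, rec.timestamp):
        data = field.encode("utf-8")
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


class CentralSystem:
    """Hypothetical central system: stored records plus a separate tally."""

    def __init__(self):
        self.records = {}
        self.tally = Counter()

    def record(self, rec, counted=True):
        self.records[rec.serial] = rec
        if counted:
            self.tally[rec.choice] += 1
        return vote_hash(rec)  # value printed on the voter's receipt

    def regenerate(self, serial):
        return vote_hash(self.records[serial])


def receipt_matches(system, serial, receipt):
    """Voter-side check: does the regenerated hash equal the receipt?"""
    return hmac.compare_digest(system.regenerate(serial), receipt)


def tally_matches_records(system):
    """Auditor-side check the receipt cannot replace."""
    return system.tally == Counter(r.choice for r in system.records.values())


def demo():
    system = CentralSystem()
    # Constructed sample ballots
    r1 = system.record(BallotRecord("B-0001", "Option A", "2015-04-16T09:00:00"))
    r2 = system.record(BallotRecord("B-0002", "Option B", "2015-04-16T09:01:00"),
                       counted=False)  # stored, but left out of the tally
    results = {
        "intact_record_verifies": receipt_matches(system, "B-0001", r1),
        "uncounted_ballot_still_verifies": receipt_matches(system, "B-0002", r2),
        "tally_agrees_with_records": tally_matches_records(system),
    }
    # Change the stored choice after the receipt was issued.
    system.records["B-0001"] = BallotRecord("B-0001", "Option B", "2015-04-16T09:00:00")
    results["altered_record_verifies"] = receipt_matches(system, "B-0001", r1)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The receipt detects a stored record that was changed after issue, but a ballot that was stored and never tallied still verifies, so the check needs a separate reconciliation of tally against records.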
  • (Score: 3, Interesting) by kaszz on Thursday April 16 2015, @11:27PM

    by kaszz (4211) on Thursday April 16 2015, @11:27PM (#171780)

    These machines seem so flawed that it looks like someone intentionally made them weak such that any election can be rigged.

    • (Score: 0) by Anonymous Coward on Friday April 17 2015, @01:49AM

      by Anonymous Coward on Friday April 17 2015, @01:49AM (#171837)

      I was tempted to mod you "funny", but, you know, it is not....

  • (Score: 0) by Anonymous Coward on Friday April 17 2015, @04:51AM

    by Anonymous Coward on Friday April 17 2015, @04:51AM (#171886)

    Given the history of badly insecure voting machines, ATMs, POS systems and other devices which *should* be fundamentally secure made by various companies, are we really that shocked anymore?

    It all really looks more like standard operating procedure than accident or even negligence... to the point where the machines probably aren't even *supposed* to be secure... security just isn't even a basic feature/requirement in these types of machines.

  • (Score: 0) by Anonymous Coward on Friday April 17 2015, @09:07AM

    by Anonymous Coward on Friday April 17 2015, @09:07AM (#171950)

    How refreshingly democratic. Instead of making a voting machine where only the connected elite can manipulate the election, they made a machine where even the common people can do so.

  • (Score: 0) by Anonymous Coward on Friday April 17 2015, @12:31PM

    by Anonymous Coward on Friday April 17 2015, @12:31PM (#171987)

    What did they think that "WIN" in "WINVote" stood for? Of course it stands for:
    Weak passwords
    Insecure OS and networking
    No firewall