The Virginia election commission, which is responsible for certifying whether machines are fit to be used in elections, has decertified the Advanced Voting Solutions WINVote, and for many very good reasons. Amongst the many security flaws in this product are:
Worse still, this machine has been used in actual elections and its lack of any logging or record-keeping means that we'll never know if its weaknesses were used to manipulate the outcome of an election. As a proof of concept, security researchers successfully demonstrated accessing the machine and manipulating the recorded vote counts.
(Score: 0) by Anonymous Coward on Friday April 17 2015, @05:14AM
> Missing from your scheme: auditability.
That is what manual recounts are for.
> counting low confidence scans (phase 2, 3rd bullet), I can buy the sole human you put in charge
I really hate when people try to tear down ideas by playing dumb. Of course ambiguous votes would be inspected by a team with a member from every party.
> So, the voter would need to get a voting receipt that she can use with a/the central system to validate it.
> The receipt should contain a hash of her vote
Not useful. For one thing, we don't currently have an analog equivalent and it's not a major problem; for a second, if it were a significant attack vector, the attackers would just fake out the hash, which, as you've proposed it, is nothing more than a serial number. Just because the system says "yes this serial number is in the system" doesn't prove that it was actually counted.
(Score: 2) by c0lo on Friday April 17 2015, @12:43PM
You know what a hash of the vote is? You take the serial of the ballot, concat the chosen option on the ballot and the timestamp, and apply a hash function [wikipedia.org]. You print that hash on a piece of paper (transparent plastics would be better) to act as a receipt which you hand to the voter (make it a QR code, if you like). The voter can ask the central system, based on the serial number of the ballot, to regenerate the hash on all the recorded info at any time: if any info was changed, there's no way the hash will be the same (if the hash is printed on transparent plastic, the voter needs just to overlap it over an image on the screen for comparison).
But it's still a problem. Since you can use the very technology you proposed to address it, why not take the opportunity?
https://www.youtube.com/watch?v=aoFiw2jMy-0
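The receipt scheme from the comment above, run against the objection raised in the earlier reply, as an added example that is not part of either post. It assumes SHA-256, a `|` field separator, a hypothetical `CentralSystem` class and constructed sample ballots, none of which the thread specifies.

```python
import hashlib

def receipt_hash(serial: str, choice: str, timestamp: str) -> str:
    # Assumption: SHA-256 and a "|" separator; the comment names neither.
    return hashlib.sha256(f"{serial}|{choice}|{timestamp}".encode()).hexdigest()

class CentralSystem:
    """Hypothetical central store: ballot records plus a separately kept tally."""
    def __init__(self):
        self.records = {}   # serial -> (choice, timestamp)
        self.tally = {}     # choice -> count (the announced result)

    def cast(self, serial, choice, timestamp):
        self.records[serial] = (choice, timestamp)
        self.tally[choice] = self.tally.get(choice, 0) + 1
        return receipt_hash(serial, choice, timestamp)  # printed for the voter

    def regenerate(self, serial):
        choice, timestamp = self.records[serial]
        return receipt_hash(serial, choice, timestamp)

def voter_check(system, serial, receipt):
    # The voter compares the printed hash with the regenerated one.
    return system.regenerate(serial) == receipt

def demo():
    system = CentralSystem()
    ballots = [("B-0001", "A", "2015-04-17T09:00:00"),   # constructed sample data
               ("B-0002", "B", "2015-04-17T09:05:00"),
               ("B-0003", "A", "2015-04-17T09:07:00")]
    receipts = {s: system.cast(s, c, t) for s, c, t in ballots}
    all_ok_before = all(voter_check(system, s, r) for s, r in receipts.items())

    # Case 1: a stored record is altered, so that voter's comparison fails.
    system.records["B-0002"] = ("A", "2015-04-17T09:05:00")
    record_change_detected = not voter_check(system, "B-0002", receipts["B-0002"])
    system.records["B-0002"] = ("B", "2015-04-17T09:05:00")  # restore the record

    # Case 2: only the announced tally is altered; every receipt still matches.
    system.tally = {"A": 1, "B": 2}
    receipts_still_match = all(voter_check(system, s, r) for s, r in receipts.items())
    recount = {}
    for choice, _ in system.records.values():
        recount[choice] = recount.get(choice, 0) + 1
    tally_matches_records = recount == system.tally
    return all_ok_before, record_change_detected, receipts_still_match, tally_matches_records

if __name__ == "__main__":
    print(demo())
```

In this model the per-voter comparison catches a changed record, while a tally that diverges from the records is only caught by recounting the records themselves.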