Stories
Slash Boxes
Comments
typodupeerror delete not in
  • Preferences

Hot Comments

Comments: 157 +-   Brazilian Breaks Secrecy of Brazil's E-Voting Machines With Van Eck Phreaking on Saturday November 21, @10:11PM

Posted by timothy on Saturday November 21, @10:11PM
from the old-ways-are-best dept.
government
privacy
security
After the report last week that Brazil's e-voting machines had withstood the scrutiny of a team of invited hackers, reader ateu writes with news that a hacker has shown that the Linux-based voting machines aren't perfectly safe; he was able to eavesdrop on them (translated from Portuguese) by means of Van Eck phreaking.
story

Related Stories

Submission: Brazilian breaks secrecy of electronic e-voting by ateu (1681842)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Brazilian Breaks Secrecy of Brazil's E-Voting Machines With Van Eck Phreaking 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • Honestly (Score:2, Insightful)

    by pieisgood (841871)
    What options do you have to protect your self from Van eck phreaking? Lead casing? Foil voting boxes? Honest replies welcome.

    • Re: (Score:2)

      by sjames (1099)

      Copper mesh or metal plating on the case tied to the ground. Chokes on all connections. If touchscreen, you could be screwed since it might not like a copper mesh but if it isn't covered it becomes an emitter.

      • In addition to a Faraday cage as you suggest, the NSA recommends scrambling the least significant bit of the image to increase the difficulty of descrambling.

        • Re: (Score:3, Informative)

          by sjames (1099)

          Good pictures. It looks like a newer version could be made to limit the emissions quite nicely. It might also be possible to retrofit the existing machines with shielding including a false front to extend the keypad buttons (but not the switches) through the shield.

          At the busiest polling places it probably wouldn't be as much problem as many people would be using many identical machines at once. It would be hard to know who did what.

          A tone generator connected to a transmitter might be able to simply jam the

    • Re:Honestly (Score:5, Funny)

      by Anonymous Coward on Saturday November 21, @10:19PM (#30190626)

      It's simple. just throw out the person with the radar dish, oscilliscope, and notepad.

      • Re:Honestly (Score:5, Informative)

        by icebike (68054) on Sunday November 22, @03:11AM (#30191864)

        Exactly so.

        The equipment to carry out this snooping is easily spotted, and more easily foiled.

        With more than one voting station in the room, said eaves dropper could never distinguish one vote from the other, and could certainly not CHANGE the results.

        You would be better able to guess how persons voted by the color of their tie. http://www.tie-necktie-video.com/tie-color.html [tie-necktie-video.com]

      • Re: (Score:3, Insightful)

        by mspohr (589790)
        You could also view votes with a video camera in the ceiling and it would also give you a picture of the top of the person's head to help with identification. This would also work to reveal paper ballots as well as electronic machines. Think of the children! You could also ask people how they voted when they left the polling place and most people would just tell you! Some would lie but only because you were ugly. In other news, most people don't vote; those who do vote are uninformed; and the only votes

    • Re:Honestly (Score:5, Interesting)

      by robbak (775424) on Saturday November 21, @10:29PM (#30190674) Homepage

      Several ideas. Of course, use LCDs, as the CRT circuitry is the bad one. Shield the data connections so they don't radiate too much. Make the connections that transmit unencrypted data short. Use low-contrast fonts, so the sharp edges do not cause large voltage (and therefore EMI) spikes. Randomise the low bits of data shown on the screen, so you create obfuscating noise.

      Maybe you have to go as far as have a white noise transmitter to mask what you cannot elimiate. Plenty of room to move. Good on them for having such a contest - it flushed out all the 'Ooh, I didn't think of that' problems.

    • Re:Honestly (Score:5, Insightful)

      by Opportunist (166417) on Saturday November 21, @10:32PM (#30190690)

      Easy. Take the machine, hollow them out, put a board in and use their shell as a guard from prying eyes for pen&paper voting. The manufacturers of the machines get the money and we get secure and anonymous voting.

    • Re: (Score:3, Informative)

      by mrmeval (662166)

      Not much really. While it is possible to effectively protect a device from such snooping it is very expensive due to the testing and handling requirements. I don't see it on the link but I think there is a commercial Tempest standard.

      http://www.eskimo.com/~joelm/tempestintro.html [eskimo.com]

      The page has good info and you can try the anti-Tempest fonts for a grin. It's based on the paper also referenced on that page.

      • The anti-TEMPEST fonts seem to have been withdrawn:

        Q: Where can I download low-pass filtered Soft Tempest fonts

        Unfortunately, the existing font display mechanics in operating systems does not make it possible to implement this protection technique simply by installing a new font file.

        For this reason, I am not providing any filtered font files.

    • Not only that, but no device will ever be "perfectly safe." That phrase doesn't appear in TFA, it shouldn't have been put in the summary. If someone has to resort to Van Eck phreaking just to eavesdrop on polling because an open hacking competition yielded no vulnerabilities, it sounds pretty darn safe. Publicizing the vulnerability is still a good thing, maybe someone will be able to come up with a reasonable defense, but it doesn't sound like a showstopper to me.

      • The reasonable defense is a simple enclosure with a door - line the enclosure and door with tempest. Each voter closes the door while they vote.

        Encrypted link back to head office, jobs done.

      • Re:Honestly (Score:4, Insightful)

        by Jafafa Hots (580169) on Sunday November 22, @02:03AM (#30191622) Homepage Journal

        Exactly. It's pretty safe. This shows that a random citizen is unlikely to give an election to Mickey Mouse on a whim.

        Instead it would take someone with significant knowledge and even serious funding to sway an election. Probably not just a someone, but even an organization.

        So the only way this could ever effect elections would be if there were an organization or group of conspiring individuals with significant monetary resources - AND for that group of people to feel that swaying an election would be in their interest - AND for that group of people to then be so immoral as to decide to do so.

        Clearly such a confluence of conditions is so wildly improbable that we can effectively rule out its possibility.

    • Cryptonomicon (Score:3, Interesting)

      by MichaelSmith (789609)

      What options do you have to protect your self from Van eck phreaking? Lead casing? Foil voting boxes?

      Honest replies welcome.

      Put rubbish on the screen and send all your actual output through the caps lock LED with xled.

      Not very useful outside in the real world, I know.

    • LCD screens are also sensitive... so I'd say maybe... Monochrome 640x480 LED Matrix and custom video chips.... or "Split-Flap type display" as seen here http://www.salient.com.au/products-splitflap.htm [salient.com.au] ... maybe some sort of adapted nixie tubes as seen here : http://www.vintagecalculators.com/html/calculator_displays.html#ColdCathode [vintagecalculators.com]

      • Split-flap displays make a little click when they change characters. Given some of the known words sequences that will be displayed, variations in the sound of each click, and variations in the timing due to the addressing of the characters, I'm sure complete displays could be reconstructed.

    • Re: (Score:2)

      by blueg3 (192743)

      The NSA Tempest guidelines are probably sufficient.

      Of course, the requirements are potentially made weaker by what you're eavesdropping. Tempest is written assuming that eavesdropping is a problem, but that's not true with voting -- it's only a problem if you are then able to associate votes with individuals.

    • Randomize the image for each voting.

      This will make it a lot harder to decide the selection for each individual voter since the image will be different for each voter.

      So - yes you may be able to recognize that a voted did make a selection but you won't know what the selection really was unless you have some very expensive equipment.

      And as a voter I wouldn't be too worried about that kind of eavesdropping. Who besides the authorities would really be interested in the vote of an individual person bad enough to

  • Whew, that was a close one... (Score:4, Insightful)

    by robwgibbons (1455507) on Saturday November 21, @10:23PM (#30190640)
    "Listening in" and actually breaking the security of the machine are two entirely different things. What's the most someone could do with this exploit? Basically it just allows for a more accurate exit-poll. As far as I see it, the machine's security has still yet to be bested.

    • Re:Whew, that was a close one... (Score:5, Insightful)

      by Animaether (411575) on Saturday November 21, @10:59PM (#30190792) Journal

      What's the most someone could do with this exploit? Basically it just allows for a more accurate exit-poll.

      Basically.. all of the reasons you want voting to be done anonymously apply here.

      If you can couple the emissions at the location of the machine with the emissions from a particular user - say, their mobile phone's signature - then you can go back to forcing people to vote for X and make sure that they do, roughing them up as an example to the others you told to vote for X if you detected a vote for Y instead, without a need to plant something on them or leaving any trace.

      In theory, anyway.

      • No technology will prevent that (Score:4, Insightful)

        by lwoggardner (825111) on Sunday November 22, @12:26AM (#30191184)
        Not to say that secrecy isn't important, but once it requires a certain level of technology to eavesdrop then surely you just pick some random people and rough them up anyway telling the people you are intimidating that you have this "magic" eavesdropping technology.

    • Re: (Score:3, Insightful)

      by Vellmont (569020)


      What's the most someone could do with this exploit?

      Uhh.. find out who someone voted for? All you need is two people, one in the polling place and someone else with one of these devices. If I really have to try to convince you of the value of secret votes, I give up.

    • Re: (Score:3, Insightful)

      by coppro (1143801)
      The issue is one of anonymity. Someone could (comparatively) easily phreak a machine when a specific person walks into the polling booth so that they could determine that person's vote. The integrity of the results is not compromised, however; there is no threat of vote-stuffing or fraud.

    • Use it as feedback to calibrate a separate vote rigging operation. If your guy wins by 20% an investigation may be triggered. If he wins by 2% you may be in the clear. So how do you gauge the real vote, while there is still time to cast face votes?

    • Perhaps you read too quickly. "Secrecy," not "security." There are plenty of responses explaining the importance of secret ballots.

    • Re: (Score:3, Interesting)

      by synthespian (563437)

      What's the most someone could do with this exploit?

      A little context is needed in order to further explore this point. Brazil is a huge country, of continental dimensions. Voting is a mandatory civic duty (except for older citizens). In the remote and impoverished areas, intimidating voters or buying votes was a common, widespread practice, constituting what is termed an "electoral corral", that helped maintain veritable "political dynasties" in these areas for decades. One of the selling points of electroni

  • Physical Security (Score:4, Interesting)

    by tetsukaze (1635797) on Saturday November 21, @10:25PM (#30190656)
    So the cheap devices he used only worked inches away. A more powerful device might work up to 20 meters away. Now, I assume a more powerful antennae is going to mean a bigger one. Isn't this going to stand out? I would hope that there is someone in charge that would notice a foot long antennae being pointed at voting areas. You can secure the machine itself, but if you don't have real people doing their part, it doesn't matter how secure your voting machine is.

    • Re:Physical Security (Score:4, Insightful)

      by Sarten-X (1102295) on Saturday November 21, @10:39PM (#30190718) Homepage

      If an attacker were able to access the voting location enough to install an unnoticeable antenna, I'd be more concerned with small cameras. Even a large antenna in a nearby building would require somebody watching to see who was using which voting machine, in order to pose any real threat.

  • I'm not yet at "how do we get e-voting secure?". I'm still puzzled by the question "why the f. do we need it?"

    • Would you like supporters of 'the major', beef/soy barons and priests 'transporting' your vote over a few days?
      In some parts of the world they do learn about democracy after right-wing military dictatorships.
      In others they just trust election solutions provided by an ATM maker.
      When their boss is exposed on wikipedia, they go back in using the company IP's and try to "Soviet" out the references to the CEO's fund-raising.

    • Easier for the disabled. Easier to support multiple languages. Easier to have duplicate copies so you can't be surprised and "find" a box of ballots in a warehouse later. Less ambiguity in regards to intention (see Minnesota's Senate race.)

    • Because it's more convenient and the count should be more reliable. If it's secure, that should be enough.

    • Re: (Score:3, Interesting)

      by Onymous Coward (97719)

      Among the others, enabling a non-FPTP system.

      If anyone isn't aware of how FPTP has hosed democracy, they should start here [wikipedia.org].

      The primary concern I recognize is that FPTP collapses your system into a two-party system and makes third parties non-viable. Just try voting for Nader or Kucinich.

  • E-paper (Score:4, Interesting)

    by MDMurphy (208495) on Saturday November 21, @10:36PM (#30190706) Homepage

    Besides all the shielding options, perhaps this is a good use for E-paper displays? The persistent nature of the display would minimize the constant refreshing. The slow screen response would be unlikely to be an issue with a ballot.

  • This happened with the Dutch in 2006 (Score:5, Informative)

    by JoshuaZ (1134087) on Saturday November 21, @10:51PM (#30190764) Homepage
    As discussed here in 2006, the Dutch had to modify their voting machines back in 2006 due to exactly this sort of attack. http://politics.slashdot.org/article.pl?sid=06/10/14/1641239 [slashdot.org]

    • Re:This happened with the Dutch in 2006 (Score:5, Interesting)

      by RAMMS+EIN (578166) on Sunday November 22, @12:05AM (#30191084) Homepage Journal

      That's only part of the story.

      The voting machines were vulnerable to more than just eavesdropping, although eavesdropping was the official story from the government and also what most of the press was about.

      However, the voting machines have since been banned. The latest elections were held with paper and pencil. It's good that way.

      Now if people would only understand this ...

  • If we could somehow reach a level where e-voting was secure, think of the possibilities. The people might actually be heard! Now whether you think that is a good thing or not, I leave as an exercise for the reader. But what I'm trying to say is, imagine voting from your home computer on issues that matter to you. No longer will your representatives be able to hand wave about what their constituency wants, heck, you might not even need representatives.

    • Re: (Score:3, Interesting)

      by nietsch (112711)

      You just overlooked one small issue: voter turnout is already a problem in most democracies, as it is somewhat boring to vote for things your are not that interested in. If there were more elections, you would have to vote each week. Nobody is going to keep doing that, as most people do not see it as their job, and it is a process with very little positive feedback. So only the zealots and paid shills will remain, thus making your country run by big money and zealots with a nutty agenda. Not unlike the US i

  • As a person in the infosec field (Score:5, Insightful)

    by seifried (12921) on Sunday November 22, @01:25AM (#30191454)
    This is why I love the Canadian method: paper with circles, make an "X" in the circle you want, fold the paper and put it in the ballot box. Good luck hacking that on a large scale (what with scrutineers from multiple parties watching the election and the count and each other, plus the people there as independent scrutineers watching everyone else), and monitoring it (little cardboard voting booth on a table, voila, privacy. The only argument I could imagine is finger prints on the ballots, but you can wear gloves if you want.

  • Dumb question... (Score:2, Insightful)

    by EricX2 (670266)

    Why does the electronic voting machine have to be a touch screen? Why not a list of the options with buttons with an LED in them that light up when you press the button? The list could be on a separate display next to the buttons but nothing changes therefore the 'van eck phreaker' would only get the data on the screen, not the option picked... but I have no knowledge of this sort of stuff.

    Maybe some places do that, but where I live we do vote by mail.

    • Because people are stupid.

      ~Sticky

    • Re: (Score:3, Informative)

      by dlgeek (1065796)
      North Carolina used to use a system like that, a long time ago. (I remember my parents taking me with them when they voted, I got to help my mom submit her ballot, it must have been back in '96). However, the main draw of e-voting is accessibility: the ability to have high contrast and/or large size fonts, computer reading the ballot out loud, etc. This isn't possible with the equipment you describe.

    • Re: (Score:3, Informative)

      by C0vardeAn0nim0 (232451)

      because here in brasil we don't have voting districts, so in state and federal elections, a candidate from santos (a sea-side city in sao paulo state, some 80 km east of the state capital) can receive votes from people in ribeirão preto (a city 400 km west of the capital). this makes the candidate lists for federal and state deputies something in the thousands.

      our voting system uses numbers. each party is assigned a number (ex. PP=11, PDT=12, PT=13, etc.) and every candidate have a number prefixed with

  • It's not a practical approach (Score:3, Interesting)

    by SlappyBastard (961143) on Sunday November 22, @09:29AM (#30193144) Homepage

    While in principle it is a good method for snooping a single monitor, it would take a ton of disentangling signals to read every monitor consistently at a polling place from any distance. It is not a practical way to screw with an election, considering that any party willing to snoop this aggressively is probably willing to do a lot more than just snoop.

    Frankly, it shows just how effective Brazil's security measures are that hackers have to go this deep into the playbook to get even one sort of result.

    • Re:Van Eck Phreacking will always exist (Score:5, Insightful)

      by Frankie70 (803801) on Sunday November 22, @01:04AM (#30191358)

      If your country really is free (something that Brazil is good at) there is no problem telling everybody who you voted on..
      Vote's anonymity only makes it easier to fake elections.

      Don't be silly.
      Secret ballot is one of the cornerstones of democracy.

      In a secret ballot, you don't get bribed to vote for a particular person because you can
      always say you voted for him while voting for him.
      Likewise, about getting pressured about voting for someone.

      • In a secret ballot, you don't get bribed to vote for a particular person because you can
        always say you voted for him while voting for him .
        Likewise, about getting pressured about voting for someone.

        Meant to write - "while voting for someone else".

          • Re: (Score:3, Interesting)

            by TheLink (130905)
            The people who think that secrecy matters so much are the ones living in a dream world.

            In many of those countries, the secrecy of your vote hardly matters anyway. After all, they've already done most of the voting for you.

            You might even get your hands chopped off for just daring to show up to vote.

            In places where you can have voter intimidation without the police stepping in (or the police being the culprits), secrecy of your vote is not much of a concern.

            And in some countries the voting system is so fast a
Search
A great many people think they are thinking when they are merely rearranging their prejudices. -- William James

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2010 Geeknet, Inc.