Researchers Demo Hardware Attacks Against India's E-Voting Machines 179
An anonymous reader writes "India, the world's largest democracy, votes entirely on government-made electronic voting machines that authorities claim are 'tamperproof,' 'infallible,' and 'perfect,' but last week security researchers proved that they can be manipulated to steal elections. A team led by Hari Prasad, Professor J. Alex Halderman, and Rop Gonggrijp released an awesome video that shows off hardware hacks they built. These machines are much simpler than e-voting designs used in the US, but as the research paper explains, this makes attacking the hardware even easier. Halderman's students at the University of Michigan took only about a week to build a replacement display board that lies about the vote totals, and the team also built a pocket-sized device that clips onto the memory chips, with the machine powered on, and rewrites the votes. Clippy says, 'It looks like you're trying to rig an election ...'"
Security (Score:5, Insightful)
Any security professional, IT or otherwise, who ever says "impossible to break" in any of its forms, should be directly fired.
No discussion. No explanations. You blabber idiocies about your supposed area of expertise, you're fired.
Amazing findings (Score:2, Insightful)
Amazing work they've done here. They've proven that if you have intrusive access to the hardware, you can screw it up and do deviant shit. How about you post an article when someone can walk into a polling place, hack a machine, and walk out without take a screwdriver or some large, obvious device to a voting machine?
This article, like most of the front page needs "-1, Irrelevant".
Re:Amazing findings (Score:2, Insightful)
Your analysis neglects the basis of comparison, in which case is traditional voting methods on paper.
If you can walk in with a screwdriver to mess up an election with the electronic system but can't do the same to the paper method, then clearly there is some impact to security.
Re:Amazing findings (Score:3, Insightful)
the point here is that polling places can rig the machines just fine.
clever in key areas where a specific political party needs more votes to win.
kinda like how with diebold, republicans got overwhelming victories in predominantly democratic voting districts.
Re:Amazing findings (Score:3, Insightful)
How about you post an article when someone can walk into a polling place, hack a machine, and walk out without take a screwdriver or some large, obvious device to a voting machine?
So the possibility of bypassing democracy isn't worrying, as long as you put a full body scanner in front of each voting cabin?
Or you could limit the time that can be spent voting, and pray nobody finds a faster hacking method.
1...2...3... BAM! You're out. Vote faster next time.
Re:Security (Score:5, Insightful)
I doubt any IT professional would say that. Usually politicians and managers are the ones responsible for this kind of nonsense because they have no clue or just want to sell their product.
Politicians are generally untouchable, no matter what they say or how bad they screw up. And managers make sure the contract contains some fineprint along the lines of "we guarantee nothing" and "not really impossible to break".
So yea, nothing you can do about it.
Re:Secure e-voting (Score:4, Insightful)
Operators of the machines have to let inspectors validate the checksums on demand, and if it doesn't match then your gaming license gets revoked and the place closes down.
And how to you suggest to apply that system on an election environment? If the checksum doesn't match, you remove all votes from the voters who used that particular machine? You repeat the elections until no machine was tampered with?
Re:Secure e-voting (Score:3, Insightful)
Operators of the machines have to let inspectors validate the checksums on demand, and if it doesn't match then your gaming license gets revoked and the place closes down.
And how to you suggest to apply that system on an election environment? If the checksum doesn't match, you remove all votes from the voters who used that particular machine? You repeat the elections until no machine was tampered with?
Yes, sounds about right.
Re:Ultimate accountability (Score:2, Insightful)
Re:Ultimate accountability (Score:4, Insightful)
Please understand that I think the undermining of the democratic process is a crime which should carry a special sentence, but more along the lines that you can't run for office for X years (like any felon I believe). But the problem is always the same: the cheater won and is now in charge.
I think the only way to guarantee a cheater free process is by completely making every step of the process transparent. Coincidentally it's the technology currently used to cheat that can be put to use to prevent it. The only problem is there is always one or more black-box-systems between the voter and the results, so there is no way to guarantee it unless we remove every black-box step. Here is my solution to make the process as open as possible:
- Generate a unique key per voter and store on a single offline drive.
- Print voter registration cards with each key used once (we know every voter can vote exactly once).
- Generate a strong encryption certificate that is only valid around election day for HTTPS use.
- Voters can choose to vote at home (but they need a separate online ID) or at a registered voting location (and show their ID), but the process is the same.
- To vote at home you can use the supplied voting live-CD or use your own (it's recommended instead of your default OS), or use the kiosks supplied at voting locations.
- The voting consists of going to the voting website, verifying the origin of the site and after that select a candidate and enter the key to store the vote.
- These votes are stored on the same 'offline' drive that is currently online only with a serial cable connected to the webserver.
- The drive containing the votes as well as the server(s) that serves the website are on public display and the code is all opened to public scrutiny.
- The server should be behind a firewall that specifically looks for any and all attacks (it should be fairly easy if you tightly define only the packets that may get trough), if there is any reason to doubt the results because of a possible breach we will know.
- The results as well as the timeline of the votes is made public from the start, when the voting closes the results are known *immediately*.
Before talking about how insecure the web is please note that this problem is known and well understood, so we have know what to harden the system against attacks... The current voting solutions are much worse in my opinion since there are attack vectors too, but we do not know how many and how bad, and even worse: we have no idea how often these are already exploited. But we do know for a fact that paper elections have been rigged (despite the rules), electronic voting machines have been tampered with and even something as simple as denying people the right to vote (sending people away who stand in line for hours). These non-tech exploits are used regularly and should not be forgotten... I'd say a web-voting is the lesser of two possible evils. Especially since the technical requirements of such a system are known. If fucking soda companies can print unique codes on the inside of the bottles and phone operators use codes for prepaid cards i'd say we should be able to make it work for something important.
I posit that for every argument against such a system slashdot's finest geeks will come up with a solution...
Re:Ultimate accountability (Score:3, Insightful)
I agree, vote rigging should be treated as seriously as a crime can be.
I'd add to that- politicians taking bribes should attract similar penalties.
everyone should stick to paper (Score:2, Insightful)
even the most technologically advanced societies (some nordic countries want to vote by cell phone!?), for two reasons:
1. attack vectors
of course paper voting is subject to cheats, ballot stuffing, getting lost in transit, etc. its just that paper voting is a simpler process than mechanical or electronic voting, so therefore the numnber of attack vectors for paper voting is orders of magnitude less than mechanical voting... which in turn has orders of magnitude less attack vectors than electronic voting
one well placed dude can, in a few milliseconds, in a statistically invisible way, randomly increase votes for one candidate over the other. and i don't care how well you design electronic voting technologically, its still overseen by corruptible government bureaucrats, for which there is no technological solution
but with paper voting, the cheats you can pull off are only crude, requiring armies of cooperating conspirators... and no conspiracy of sufficient size is airtight. therefore: discoverable. a cheat by one guy or a handful is also statistically discoverable: a truck driver of vote boxes in one precinct can't lose 10,000 votes or introduce 10,000 fake ones without being noticed in an audit. and for every one of these paper balot cheats, there a simply 1,000 such variations, attack vectors, for the more complex electronic voting, and even some new and exotic methodologies. so to guard paper voting is simply an easier, less creative process. you can't outwit the committed bad guy in a complex system, but you can outman him in a crude system
2. perception
you can have all of the transparent standards for the PROFESSIONALS that you want. but for your average joe blow, the more the voting process is a black box (press keys -> sausage -> president comes out on other end) the more they are susceptible to lose confidence in the process. paper voting simply is a smaller black box. you write on a piece of paper. the papers ate stacked somewhere. some people scan or look at them if there's a problem: its all eminently comprehensible to anyone how the process works. no databases, no tcp/ ip stacks, no authentication, no encryption... no "sausage" parts that the average voter does not understand and therefore does not trust
democracy is only valid as long as it is seen a legitimate representation of the will of the people. put that legitimacy in doubt, and democracy loses all of its strengths. therefore, we should always, forever more, no matter what technological advances we experience, vote simply with paper
the problem here is technophilia: solving a simple problem in an overly complex way simply because you like the technology. electronic voting is a contrived false solution that introduces far more problems than it solves
Re:Looks like Diebold has some new competition! (Score:3, Insightful)
There's a much simpler reason.
The people ordering ATMs, care a great deal more about their correct and secure operation, than the people ordering voting-machines.
Re:Looks like Diebold has some new competition! (Score:3, Insightful)
Yeah. That too. They care, AND they notice.
The ATM is supposed to withdraw money from your account, and dispense cash, and ideally do the same amount of both.
If it withdraws -more- from the account than it dispenses, odds are plenty of account-holders will notice in quick order (not everyone checks, but ENOUGH people do), whereas if it does the oposite, odds are the bank will notice real quickly. (plenty of those who get too much cash from the ATM will talk about it too)
I'm not convinced politicians universally care about voting, other than perhaps if they think they're likely to be cheated AGAINST. But neither do they typically notice, and that makes it worse, sure.
Re:Ultimate accountability (Score:3, Insightful)
What stops people from selling their vote and going to the polling booth to vote?
Easy: the buyer has no way of verifying that the seller did indeed vote how he promised to vote.
it makes it *very* easy for people to disrupt, influence or plainly destroy votes there. Someone in this thread already pointed out practices like this: http://en.wikipedia.org/wiki/Booth_capturing [wikipedia.org] [wikipedia.org].
Such practices are ...hmmm... rather obvious. Meaning, that in a really democratic country, they would lead to instant cancellation of the election, and punishment of the perps.
If such brute force disruptions are commonplace in India, then security of electronic elections is indeed the least of their worries. Without punishment of obvious abuse, the crooks could just wheel a supercomputer into the polling station, collect all the electronic ballot pads, openly break their seals, and reflash whatever firmware they want into them, hand them back (or just hand their own devices back which don't even need to look like the original ones...), and move on to the next polling station. No need to worry about stealth and miniaturized flash Ram writers if nobody cares about open tampering.
Security (... any kind of security ...) only makes sense if there is a meaningful followup to obvious tampering. And how much more obvious than Booth capturing can you get? You're basically taking a whole polling station hostage, and there is no consequence to this? *Mind boggles*
Re:Security (Score:1, Insightful)
We're going around in circles here. The whole point of the computer voting is that humans can't reliable mark paper ballots. If you have to put an arrow pointing to the party you vote for, some people will put the arrow between parties. If you eliminate that problem by using punched cards, you have hanging chads to worry about. The problem of imperfect human voters can be solved a couple different ways. One is to change the law that says everybody's vote counts to say that only people who can perfectly fill out the ballot get their vote counted. Since changing that law would be political suicide, it's much easier to just use computers to make every ballot get filled out perfectly.
dom