Follow Slashdot stories on Twitter


Forgot your password?
Government Hardware Hacking Security Build

Researchers Demo Hardware Attacks Against India's E-Voting Machines 179

An anonymous reader writes "India, the world's largest democracy, votes entirely on government-made electronic voting machines that authorities claim are 'tamperproof,' 'infallible,' and 'perfect,' but last week security researchers proved that they can be manipulated to steal elections. A team led by Hari Prasad, Professor J. Alex Halderman, and Rop Gonggrijp released an awesome video that shows off hardware hacks they built. These machines are much simpler than e-voting designs used in the US, but as the research paper explains, this makes attacking the hardware even easier. Halderman's students at the University of Michigan took only about a week to build a replacement display board that lies about the vote totals, and the team also built a pocket-sized device that clips onto the memory chips, with the machine powered on, and rewrites the votes. Clippy says, 'It looks like you're trying to rig an election ...'"
This discussion has been archived. No new comments can be posted.

Researchers Demo Hardware Attacks Against India's E-Voting Machines

Comments Filter:
  • by Sivaraj ( 34067 ) on Monday May 10, 2010 @06:52AM (#32153254)

    The way EVMs reduce rigging is not by any superior technology. It is based on simple accessible technology and elaborate procedures to ensure that poll rigging is minimized to the maximum extent possible. Check this very detailed FAQ by Election Commission of India, specifically Q24 and Q28. []

  • by Thanshin ( 1188877 ) on Monday May 10, 2010 @06:57AM (#32153282)

    Our project team includes three Centaurs, design was managed by the Minotaur and the UI was put together by a herd of Unicorns. Debugging was handled by a 500 year old wise Chinese dragon.

    We tried that and it didn't work. The minotaur's design was too convoluted, the UI was pink and invisible, and after receiving hundreds of bug notices we discovered that the dragon had spent months farming gold.

  • Re:Security (Score:4, Informative)

    by hairyfeet ( 841228 ) <bassbeast1968@gm ... minus herbivore> on Monday May 10, 2010 @08:18AM (#32153654) Journal

    You know, maybe I'm missing something, but I thought the E-Voting machines I used in the last election was just about as good as you could get. It was fast, simple, and at least from this old greybeard's thinking got rid of the paper ballot problems without adding new ones. Now don't ask me who made them because I never thought to look, but here is how it worked-

    You got in line, stepped up and they checked you against the role, and here is what I thought was a nice touch, if anyone showed up that was in the wrong district they did NOT have to go play "hunt the polling place" because an election official would simply pull them aside for a few minutes while he got on a cell phone and have them changed over for this one election. I saw it happen twice and the wait was less than five minutes for the one in the wrong place.

    Then you walked up to the machine, which was just a large flat screen with a pair of sides to keep those on either side from looking at your votes, and began to choose. Each choice after you were given a screen asking if this is what your choice was to make sure you didn't hit a button by mistake, was printed on a flat paper ballot that would scroll in this glass partition next to the screen where you could easily see it. After you hit the final confirm the booth would finalize the printout and make a noise so that the election volunteer could collect both the paper and electronic ballot. You were handed the ballot to look it over and give a final confirmation, and then the cartridge with the electronic vote was placed on the table with the officials while the paper ballot was placed in the voting box held by the same.

    According to the official I talked to the electronic vote was used for those early election results the media likes, while the computer printed ballot (so no hanging chad crap) was brought to election headquarters by election officials made up of the three major parties (D,R, and Green) and while they watched the ballots would be fed into a machine which counted and showed the results right there on the screen. Any contested votes could be done quickly and easily, and since it had both the human readable vote choices and the computer readable printout checks to see if they matched could be easily done.

    Now maybe I'm missing something, but it seemed like a pretty damned close to perfect system to me. The large screen with confirmations made it so even the old and those with sight problems (which BTW they had a separate machine away from the others where a volunteer would read the choices to you if you couldn't see or were disabled and couldn't reach. Nice touch) while having the computer print the ballot in both human readable and machine code got rid of human error without ending up a "black box" with no way for the user to check. Considering we went from the old punch machines with 1 hour plus waits to less than 5 minutes from parking to walking out the door I'd say it was a success. All in all a totally pleasant voting experience that took away the doubts and hassles the old punch machines always gave me.

  • Re:Secure e-voting (Score:2, Informative)

    by ProfMobius ( 1313701 ) on Monday May 10, 2010 @08:58AM (#32154038)

    Why are there so many stories on slashdot about how awful e-Voting is? Is there a large part of the slashdot audience that seeks a return to pencil and paper solutions, instead of this new-fangled transistorisation? I think your idea makes perfect sense, the situation where a PROM is touched is the same situation as where a ballot box has been broken open.

    I don't really get if you are complaining or agreeing...

    Thing is, there are many differences between a ballot box and a e-voting system.

    In the case of the ballot box, you need to tamper with it after the election, when it is best garded. Each ballot box only contain a limited number of votes, and you need to prepare a large amount of false ballots before hand.

    In the case of the e-voting system, you can tamper with it before the election and make 'invisible' tampering (ROM flashing, replacing the display with hidden chips, etc). Once you got access to the machine once, you are good to change many elections. Also, the machine can contain more votes than a ballot box.

    In my opinion, this is not a question of how hard it is to tamper with something, but the scale of the changes you can produce. Paper ballots only allow for small changes, while evoting allows for large scale changes

  • by mritunjai ( 518932 ) on Monday May 10, 2010 @09:10AM (#32154158) Homepage


    It is important to put the size of elections in India in perspective and how they operate to understand any meaningful amount of fraud or corruption possible.

    The EVMs in question are extremely simple. They only have a breakout panel with 32 buttons (expandable upto 64 buttons with an addon breakout button panel). The machine only ever knows the number of enabled buttons. The names and party symbols are affixed as paper "stickers" on the buttons.

    [B] S First Last Name
    [B] S First Last Name

    The order and placement of stickers on the buttons changes from constituency to constituency. The machines are sealed/unsealed in presence of at least 3 officials, though in practice, it's no less than a dozen or more, as it's a public affair and often media is present.

    Some numbers (courtesy []):
    Number of EVMs used: 1.023 million
    Max candidates per EVM: 64
    Max candidates in election from one constituency: 35
    Total number of candidates: 5398 (India is a multi-party democracy)
    Number of parties: 220
    Number of registered voters: 675 million

    Cost of '09 elections: Approx $2 billion

    Any 'fraud' analysis needs to take the process and numbers into account. EVMs in India solve a LOT of problems with regard to elections and drastically cut down on time, effort and cost involved. There are a number of places where several miles of journey on the back of mule is needed to reach the polling booths. It's much easier to conduct an electronic poll there rather than carrying several large ballot boxes that could be snatched.

  • by Firethorn ( 177587 ) on Monday May 10, 2010 @09:15AM (#32154210) Homepage Journal

    You also have to figure that e-machines, being used only a couple times a year on average, have to be competitive with paper based systems as far as cost goes, while a ATM Machine has to be competitive with a teller(or three)'s salary spread over most of a decade.

    Oh, and for whatever reason, Diebold didn't use the same people in the effort.

  • by fgouget ( 925644 ) on Monday May 10, 2010 @09:21AM (#32154270)

    Here is my solution to make the process as open as possible:
    - To vote at home you can use the supplied voting live-CD or use your own (it's recommended instead of your default OS), or use the kiosks supplied at voting locations.

    Make it possible to vote at home and a lot of people will be coerced to vote a certain way by their spouse / parent (or you're out of this house) / children (elderly people). Make it possible to vote from any computer and companies will nicely provide computers for you, will even help you. You would be free vote the way you wanted and they would not even put you on top of the list for the next round our layoffs if you voted wrong. Vote at the kiosk against the wishes of the above parties and be assured they will be very understanding of your reservations and will surely not take any action against you.

    - The voting consists of going to the voting website, verifying the origin of the site and after that select a candidate and enter the key to store the vote.

    So you send your vote and the unique id the government gave you back to the government. But your vote is still anonymous because the government would never stoop so low as to match your voting key with your identity, right? And anyway if they say it cannot be done it must be true, right?

    - These votes are stored on the same 'offline' drive that is currently online only with a serial cable connected to the webserver.

    Who cares whether it's a serial cable or a SCSI / IDE / SATA / USB one. All that matters is: can the online server write to the disk or not? If it can, then it can mess with all its content, that's all. And if it can't... well, how do you, the average joe, know it cannot in the first place? Did you check that drive / cable in person or did you just trust some government official?

    - The drive containing the votes as well as the server(s) that serves the website are on public display and the code is all opened to public scrutiny.

    And the code which is on public display is the same one that's running on the server, right? You know because you compiled and installed it yourself (and so did the other 100 million plus voters).

    - The server should be behind a firewall that specifically looks for any and all attacks (it should be fairly easy if you tightly define only the packets that may get trough), if there is any reason to doubt the results because of a possible breach we will know.

    It's almost as simple as making sure a login procedure is secure. And login procedures have never had any security issue... well, not very often anyway.

    - The results as well as the timeline of the votes is made public from the start, when the voting closes the results are known *immediately*.

    So the server shows you whatever it wants you to believe the votes are in real time. So what? Besides that, do you propose to show partial results during election day? Are you sure that's a good idea? You do know that's a radical departure from current practice, right?

    Before talking about how insecure the web is please note that this problem is known and well understood, so we have know what to harden the system against attacks...

    What you missed totally is that the server is set up by the government and thus cannot be trusted. If you really trusted the government you would not hold elections. You would just write into law that at the end of his mandate the head of state must designate his heir^H^H^H^Hsuccessor based on the people's will.

    The current voting solutions are much worse in my opinion since there are attack vectors too,

    Your proposal did not eliminate any attack vector. You just added at least half a dozen even more serious vectors!

    But we do know for a fact that paper elections have been rigged (desp

Any sufficiently advanced technology is indistinguishable from a rigged demo.