Researchers Demo Hardware Attacks Against India's E-Voting Machines 179
An anonymous reader writes "India, the world's largest democracy, votes entirely on government-made electronic voting machines that authorities claim are 'tamperproof,' 'infallible,' and 'perfect,' but last week security researchers proved that they can be manipulated to steal elections. A team led by Hari Prasad, Professor J. Alex Halderman, and Rop Gonggrijp released an awesome video that shows off hardware hacks they built. These machines are much simpler than e-voting designs used in the US, but as the research paper explains, this makes attacking the hardware even easier. Halderman's students at the University of Michigan took only about a week to build a replacement display board that lies about the vote totals, and the team also built a pocket-sized device that clips onto the memory chips, with the machine powered on, and rewrites the votes. Clippy says, 'It looks like you're trying to rig an election ...'"
EVM: Simple tech & tamper resistent procedures (Score:2, Informative)
The way EVMs reduce rigging is not by any superior technology. It is based on simple accessible technology and elaborate procedures to ensure that poll rigging is minimized to the maximum extent possible. Check this very detailed FAQ by Election Commission of India, specifically Q24 and Q28.
http://www.indian-elections.com/electionfaqs/electronic-voting-machines.html [indian-elections.com]
Re:'tamperproof,' 'infallible,' and 'perfect' (Score:3, Informative)
Our project team includes three Centaurs, design was managed by the Minotaur and the UI was put together by a herd of Unicorns. Debugging was handled by a 500 year old wise Chinese dragon.
We tried that and it didn't work. The minotaur's design was too convoluted, the UI was pink and invisible, and after receiving hundreds of bug notices we discovered that the dragon had spent months farming gold.
Comment removed (Score:4, Informative)
Re:Secure e-voting (Score:2, Informative)
Why are there so many stories on slashdot about how awful e-Voting is? Is there a large part of the slashdot audience that seeks a return to pencil and paper solutions, instead of this new-fangled transistorisation? I think your idea makes perfect sense, the situation where a PROM is touched is the same situation as where a ballot box has been broken open.
I don't really get if you are complaining or agreeing...
Thing is, there are many differences between a ballot box and a e-voting system.
In the case of the ballot box, you need to tamper with it after the election, when it is best garded. Each ballot box only contain a limited number of votes, and you need to prepare a large amount of false ballots before hand.
In the case of the e-voting system, you can tamper with it before the election and make 'invisible' tampering (ROM flashing, replacing the display with hidden chips, etc). Once you got access to the machine once, you are good to change many elections. Also, the machine can contain more votes than a ballot box.
In my opinion, this is not a question of how hard it is to tamper with something, but the scale of the changes you can produce. Paper ballots only allow for small changes, while evoting allows for large scale changes
Scale of Indian elections and EVMs (Score:5, Informative)
Folks,
It is important to put the size of elections in India in perspective and how they operate to understand any meaningful amount of fraud or corruption possible.
The EVMs in question are extremely simple. They only have a breakout panel with 32 buttons (expandable upto 64 buttons with an addon breakout button panel). The machine only ever knows the number of enabled buttons. The names and party symbols are affixed as paper "stickers" on the buttons.
---------------------
[B] S First Last Name
---------------------
[B] S First Last Name
------...
The order and placement of stickers on the buttons changes from constituency to constituency. The machines are sealed/unsealed in presence of at least 3 officials, though in practice, it's no less than a dozen or more, as it's a public affair and often media is present.
Some numbers (courtesy http://www.indian-elections.com/facts-figures.html [indian-elections.com]):
Number of EVMs used: 1.023 million
Max candidates per EVM: 64
Max candidates in election from one constituency: 35
Total number of candidates: 5398 (India is a multi-party democracy)
Number of parties: 220
Number of registered voters: 675 million
Cost of '09 elections: Approx $2 billion
Any 'fraud' analysis needs to take the process and numbers into account. EVMs in India solve a LOT of problems with regard to elections and drastically cut down on time, effort and cost involved. There are a number of places where several miles of journey on the back of mule is needed to reach the polling booths. It's much easier to conduct an electronic poll there rather than carrying several large ballot boxes that could be snatched.
Diebold - Good ATM machines, bad voting machines. (Score:3, Informative)
You also have to figure that e-machines, being used only a couple times a year on average, have to be competitive with paper based systems as far as cost goes, while a ATM Machine has to be competitive with a teller(or three)'s salary spread over most of a decade.
Oh, and for whatever reason, Diebold didn't use the same people in the effort.
Re:Ultimate accountability (Score:3, Informative)
Here is my solution to make the process as open as possible:
[...]
- To vote at home you can use the supplied voting live-CD or use your own (it's recommended instead of your default OS), or use the kiosks supplied at voting locations.
Make it possible to vote at home and a lot of people will be coerced to vote a certain way by their spouse / parent (or you're out of this house) / children (elderly people). Make it possible to vote from any computer and companies will nicely provide computers for you, will even help you. You would be free vote the way you wanted and they would not even put you on top of the list for the next round our layoffs if you voted wrong. Vote at the kiosk against the wishes of the above parties and be assured they will be very understanding of your reservations and will surely not take any action against you.
- The voting consists of going to the voting website, verifying the origin of the site and after that select a candidate and enter the key to store the vote.
So you send your vote and the unique id the government gave you back to the government. But your vote is still anonymous because the government would never stoop so low as to match your voting key with your identity, right? And anyway if they say it cannot be done it must be true, right?
- These votes are stored on the same 'offline' drive that is currently online only with a serial cable connected to the webserver.
Who cares whether it's a serial cable or a SCSI / IDE / SATA / USB one. All that matters is: can the online server write to the disk or not? If it can, then it can mess with all its content, that's all. And if it can't... well, how do you, the average joe, know it cannot in the first place? Did you check that drive / cable in person or did you just trust some government official?
- The drive containing the votes as well as the server(s) that serves the website are on public display and the code is all opened to public scrutiny.
And the code which is on public display is the same one that's running on the server, right? You know because you compiled and installed it yourself (and so did the other 100 million plus voters).
- The server should be behind a firewall that specifically looks for any and all attacks (it should be fairly easy if you tightly define only the packets that may get trough), if there is any reason to doubt the results because of a possible breach we will know.
It's almost as simple as making sure a login procedure is secure. And login procedures have never had any security issue... well, not very often anyway.
- The results as well as the timeline of the votes is made public from the start, when the voting closes the results are known *immediately*.
So the server shows you whatever it wants you to believe the votes are in real time. So what? Besides that, do you propose to show partial results during election day? Are you sure that's a good idea? You do know that's a radical departure from current practice, right?
Before talking about how insecure the web is please note that this problem is known and well understood, so we have know what to harden the system against attacks...
What you missed totally is that the server is set up by the government and thus cannot be trusted. If you really trusted the government you would not hold elections. You would just write into law that at the end of his mandate the head of state must designate his heir^H^H^H^Hsuccessor based on the people's will.
The current voting solutions are much worse in my opinion since there are attack vectors too,
Your proposal did not eliminate any attack vector. You just added at least half a dozen even more serious vectors!
But we do know for a fact that paper elections have been rigged (desp