Hackers rocked the voting machines this summer. On July 28, at the first DefCon “village” dedicated to exposing weaknesses in electronic voting machines—and the first coordinated, research-based assault on EVMs in the United States since 2007—it took visitors just 80 minutes to hack the first machine. The hackers proceeded to find and penetrate multiple security vulnerabilities in each of the village’s 20 machines, representing five voting machine models, calling into question how secure machine-assisted elections are. Rep. Will Hurd (R-Texas) and Rep. Jim Langevin (D-R.I.), two of Congress’ senior cybersecurity experts, visited the village and later told hackers that they were “surprised” by how easy it was to hack voting machines. Langevin promised during the first on-stage appearance of sitting Congressmen at DefCon that when they return to Washington, D.C., “this is going to be a primary topic of conversation.”
Experts say addressing the types of vulnerabilities hackers uncovered at DefCon—and plugging related holes across the United States’ election systems—would require a far more complex process than patching outdated software. It would also require years of concentrated work.
… Matt Blaze wasn’t surprised at how fast the hacking village’s voting machines, models from AVS WinVote, Diebold, AccuVote, ES&S iVotronic, and Sequoia AVC Edge, fell victim to visitors. What did surprise Blaze, a professor at the University of Pennsylvania specializing in cryptography and voting-machines, was how effective basic hacking methods were in penetrating them.
“We knew all of these machines had been studied by experts before, and we knew that they were exploitable. What we didn’t know was how quickly somebody with just general computer security skills and reverse-engineering skills, given access to them, would be able to actually carry out exploitation,” Blaze says.