It only took a couple days and tweaks to about 50 lines of code for a pair of security researchers from Portland-based Galois to demonstrate how hackers could change an election if email voting were to move beyond the pilot phase. Researchers Joseph Kiniry and Dan Zimmerman were able to show how files could be intercepted between the voter and election office through a relatively easy hack of standard router software. The duo looked at routers that are commonly used by household Internet Service Providers. “We did experiments on how it could be deployed if we were a bad guy,” Kiniry said. “Unfortunately, the state of security on these devices on the Internet is so poor.” Plus, he noted detecting that something was wrong was difficult and would take security experts to figure out the router was not working properly.
Kiniry, who describes himself as a scientist and activist, has been researching election security for more than a decade. When he heard jurisdictions such as Maryland and Alaska were testing voting by email he became concerned. “It was our duty to do something about this,” he said, adding that concerns from the security community haven’t always been heard by election officials.
With this test, Kiniry is hoping to grab attention. So far, a hack like this hasn’t been seen in elections yet, but it has been seen in the banking world. “I will be completely unsurprised when we do see something,” he said.