A hacker armed with a $25 PCMCIA card can, within a few minutes, change the vote totals on an aging electronic voting machine that is now in limited use in 13 U.S. states, a cybersecurity vendor has demonstrated. The hack by security vendor Cylance — which released a video of it Friday — caught the attention of noted National Security Agency leaker Edward Snowden, but other critics of e-voting security dismissed the vulnerability as nothing new. The Cylance hack demonstrated a theoretical vulnerability described in research going back a decade, the company noted. The hack is “not surprising,” Pamela Smith, president of elections security advocacy group Verified Voting, said by email. “The timing of the release is a little odd.” … The Cylance demonstration was “not new and badly timed,” said Joe Kiniry, a security researcher and CEO at Free and Fair, an election technology developer. “This kind of attack has been demonstrated on almost all of the widely deployed machines used today.”
… The Cylance hack would be “devastating if the adversary we were concerned about was a local political machine intent on controlling, perhaps, a county,” Jones said by email.
Even such a local hack might require a conspiracy involving several people, with the possibility of someone leaking the plans, he added.
“There may be such corrupt political machines, and we ought to phase out these voting machines to prevent their abuse, but it’s not the big news story of this election,” Jones said. “This hack is irrelevant to concerns about Vladimir Putin trying to control the presidential election.”
Full Article: Security vendor demonstrates hack of U.S. e-voting machine | Computerworld.