Security researchers have shown that election hacking is a real and present dangers as it’s possible to access and change votes on the electronic voting machines used in U.S. elections — in less than 90 minutes, New Scientist reports.
The demonstration at DEF CON, a security conference held in Las Vegas last week, involved 30 machines purchased from eBay or government auctions. Security experts attending the conference were able to hack into the machines and change votes in a variety of ways, even wirelessly.
One machine was powered by Windows XP, which can be accessed remotely through a Wi-Fi system, meaning that votes could be changed from anywhere. Other machines had mechanical locks that could be pried open, allowing access to the USB ports inside. Others simply had uncovered USB ports. One hacker team just plugged in a keyboard to gain control of the machine.
The primary reasons the machines are vulnerable, the magazine reports, is that individual manufacturers conduct their own testing and don’t make their code available to outside experts or the public to examine for weaknesses. “If you make your code open source, any vulnerabilities that are found can be sorted before election day, which is good for democracy but not necessarily for the manufacturer’s reputation,” says Steve Schneider, director of the Surrey Center for Cybersecurity.
Potential solutions include requiring that precincts only use voting machines with open-source software so manufacturers have to be equally transparent; or using voting machines that have “end-to-end verifiability,” which give voters an encrypted receipt of their vote that can be physically tallied if there’s evidence a machine has been hacked.
Although there’s no evidence that Russia directly changed vote totals in the last presidential elections held in the United States — although there is proof that Russian hackers accessed and attempted to alter some voter databases — until greater security measures are implemented, it’s difficult, if not impossible, to know for sure. “It could have already happened and we wouldn’t know,” says Schneider.