Electronic voting machines were used extensively for several years in Riverside County. Local election officials have always said they are the safest and most accurate way to vote. State officials challenged computer scientists to put the machines to the test. What they discovered is alarming.
Along the shores of Santa Barbara, the University of California has been quite busy. A team of computer scientists assemble in their lab.
The team successfully hacked the same Sequoia “Edge 2” electronic voting machines used in Riverside County. The county put many of these machines into storage after California’s Secretary of State decertified most of them.
Riverside county’s board of supervisors disagreed and continue to express interest in bring the machines back. When asked if the Sequoia Edge 2’s were safe, County Registrar of Voters Barbara Dunmore replied, ” Yes.”
‘Not so fast,’ say theUC santa barbara computer scientists. “There is this malicious software that we devised that can be very simply injected into the overall system and reach every single DRE machine. Installing this ‘evil’ system in this otherwise benign voting machine.” said Associate Professor Giovanni Vigna at UC Santa Barbara.
To prove the point, they recently posted their hacking exploits on the web for all to see.
One video clip describes, “The attack begins when the attacker is able to put a USB key that contains a trojan application in the pool of USB keys that are used to initialize the system.”
Inserting a virus into the voting machines is as simple as using a $15USBflash drive. The computer virus is programmed well enough to effectively hide if it’s being detected.
Vigna explained, “The voter says, ‘wait a minute, this is not who I voted for’ and decides to recast his or her vote. Then we say, maybe somebody is possibly detective the problem so we stay quiet for a while, then we restart doing our shenanigans whenever we think it’s the right time.”
County election officials say they’ve fixed the problems, relying on computer logic and accuracy tests.
Registrar Barbara Dunmore said, “I will refer to the Secretary of State’s statement on that wherein she in fact dismisses that video as simply putting pictures to the report that’s already on the website without the security conditions in place that she updated for all counties using that system which averts any of those hacking attempts.”
But theUC Santa Barbara team say the Registrar’s security measures are no match for them, “I can say that the logic and accuracy testing is exactly the type of test our malicious firmware is able to detect and completely bypass,” added Vigna.
Fellow professor Dick Kemmerer said, “We’ve got negative comments like, ‘how can you guys do this?’ Well, I think the U.S. public needs to be informed about what they’re voting on. Whether their votes will be counted. Given that we’ve influenced that, I’m very proud.”
The Riverside County Registrar’s office will undergo an outside audit after a report from a watchdog group revealed this week there were paper ballots that went missing in recent elections.
County election officials still say the system is accurate for the November vote and they welcome the audit.
The computer scientist’s full 16 minute video can be viewed in the video player on KESQ.com