Home Hacking News Hackers at DEF CON took only 12 Minutes to Hack US Voting Machines

Hackers at DEF CON took only 12 Minutes to Hack US Voting Machines

by Harikrishna Mekala

This time at the DEF CON hacking convention in Las Vegas, 30 ballot boxes running on software used in American elections was set up in a simulated public White House race and hackers got to work actually tearing the gear apart to find out what was hidden inside.

In less than 90 minutes, the opening cracks in the systems’ defenses began resembling, revealing an embarrassingly low level of security. Then one was completely hacked wirelessly.

“Without issue, US voting systems are vulnerable and susceptible. Thanks to the participation of the hacker association today, we’ve revealed even more concerning exactly how,” said Jake Braun, who sold DEF CON originator Jeff Moss on the plan earlier this year.

“The scary point is we also understand that our foreign adversaries including Russia, North Korea, Iran maintain the abilities to hack them too, in the manner undermining systems of democracy and endangering US national security.”

The devices from Diebold to Sequoia and Winvote equipment were purchased on eBay or from government disposals, and an examination of them at the DEF CON Voting Village exposed a sorry state of affairs. Some were operating very outdated and exploitable software such as unpatched apps of OpenSSL and Windows XP and CE. Some had real ports open that could be managed to install wicked software to tamper with votes.

It’s one person to really nobble a box in presence of you, which isn’t difficult for election administrators to spot and stop. It’s different to do it in the air from a mile. Apparently, some of the boxes included inadequately secured Wi-Fi connectivity. A WinVote method used in former county elections was, it seems, hacked via Wi-Fi and the MS03-026 vulnerability in WinXP, allowing info sec academic Carsten Schurmann to enter the machine from his laptop using RDP. Another method could be possibly cracked remotely via OpenSSL bug CVE-2011-4109, it is claimed.

Take your time to comment on this article.

You may also like