Culture

DEFCON Video Shows Voting Machine Used in 18 States Is Hacked in 2 Minute

A hacker at DEFCON shows how to get into a voting machine "admin" mode in 120 seconds.

Amidst a climate of uncertainty concerning American election fraud, foes, and fake news, a gathering of hackers at the 26th annual DEFCON conference in Vegas this past weekend has reminded everybody that US election infrastructure is alarmingly susceptible to ulterior motives, an alarming new video shows.

One attendee at the annual Las Vegas hacker convention shared a video this past weekend on Twitter that reveals how a voting machine the hackers says is used in 18 states can be compromised in two minutes without special tools or advanced knowledge.

The Twitter user who posted the tutorial is Rachel Tobac, the CEO of SocialProof Security, a service that works to assess a company’s social engineering security and educate employees on how a hacker might gather information to gain unauthorized access to system. Tobac is a DEFCON pro when it comes to illustrating how easy a company’s network can be hacked through a few phone calls, but her foray into election infrastructure earned her more mainstream recognition — the tweet had been watched more that 1.62 million times as of Monday afternoon.

In the video, Tobac explains that accessing the voting machine’s administrative functions is as easy as removing the hood with a release button, unplugging the card reader, picking the lock to turn on the machine — which she says can be done with a ballpoint pen — and pressing the bright red “on” button. After the machine boots up, a “secure voting terminal” loads on the screen. An error message pops up, but Tobac presses “cancel” and “okay” on the screen, which takes her to the catalogue of voting data.

The hacked voting machine — which appears to be a pPremier AccuVote TS or TSX](https://www.verifiedvoting.org/resources/voting-equipment/premier-diebold/accuvote-tsx/) — was just one of several features in the conferences Voting Village exhibit, which showed how decidedly old-school voting technology could be easily compromised. The voting machine has been the subject of scrutiny before, but it still used.

“This is not a cyber-mature industry,” Voting Village organizer Jake Braun told the Wall Street Journal

Apart from lawmakers who introduced legislation to expedite security clearances for state election officials, and some outcry from the general public, awareness of the flaws hasn’t broken through the mainstream.

Other headlines to emerge this weekend from DEFCON’s Voting Village exhibit, where hackers experiment with breaking into election equipment, both decommissioned and still in use, included an 11-year-old girl who hacked a replica of the Florida secretary of state’s website and changed the results within 10 minutes.

This is the second year DEFCON has experimented with the Voting Village, and already the National Association of Secretaries of State and ES&S, one of the largest providers of election equipment in the US, have both issued statements discrediting the hackers’ findings. The groups both find fault with the so-called “pseudo environment” of the Voting Village, where hackers have unlimited access to the machines that “does not replicate accurate physical and cyber protections” in voting booths around the country.

Matt Blaze, an organizer of the Voting Village and an election security researcher, tells BuzzFeed News the DEFCON experiments don’t prove any given voting infrastructure has been tampered with in a legitimate election to date, but that the vulnerabilities in the voting machine systems should spur action among election officials.

Blaze also shared his concerns on Twitter, including the “overwhelming consensus among experts” that paper ballots, mandatory risk-limiting audits, and more resources to protect back-end systems should be implemented in lieu of the current “insecure voting systems.”

While responders to Blaze and Tobac on Twitter suggest everything from blockchain-based voting to near-constant inspections of infrastructure on election day, it’s clear that, until elections officials denounce the current state of voting machines, an airtight system for voting en masse will not be on the horizon for upcoming elections.

Related Tags