Computer scientists demonstrated that criminals could hack an electronic voting machine and steal votes using a malicious programming approach that had not been invented when the voting machine was designed.
The team of scientists from University of California, San Diego, the University of Michigan, and Princeton University employed “return-oriented programming” to force a Sequoia AVC Advantage electronic voting machine to turn against itself and steal votes.
“Voting machines must remain secure throughout their entire service lifetime, and this study demonstrates how a relatively new programming technique can be used to take control of a voting machine that was designed to resist takeover, but that did not anticipate this new kind of malicious programming,” said Hovav Shacham, a professor of computer science at UC San Diego’s Jacobs School of Engineering and an author on the new study presented on August 10, 2009 at the 2009 Electronic Voting Technology Workshop / Workshop on Trustworthy Elections (EVT/WOTE 2009), the premier academic forum for voting security research.
In 2007, Shacham first described return-oriented programming, which is a powerful systems security exploit that generates malicious behavior by combining short snippets of benign code already present in the system.
The new study demonstrates that return-oriented programming can be used to execute vote-stealing computations by taking control of a voting machine designed to prevent code injection. Shacham and UC San Diego computer science Ph.D. student Stephen Checkoway collaborated with researchers from Princeton University and the University of Michigan on this project.
“With this work, we hope to encourage further public dialog regarding what voting technologies can best ensure secure elections and what stop gap measures should be adopted if less than optimal systems are still in use,” said J. Alex Halderman, an electrical engineering and computer science professor at the University of Michigan.
The computer scientists had no access to the machine’s source code—or any other proprietary information—when designing the demonstration attack. By using just the information that would be available to anyone who bought or stole a voting machine, the researchers addressed a common criticism made against voting security researchers: that they enjoy unrealistic access to the systems they study.
“Based on our understanding of security and computer technology, it looks like paper-based elections are the way to go. Probably the best approach would involve fast optical scanners reading paper ballots. These kinds of paper-based systems are amenable to statistical audits, which is something the election security research community is shifting to,” said Shacham.
“You can actually run a modern and efficient election on paper that does not look like the Florida 2000 Presidential election,” said Shacham. “If you are using electronic voting machines, you need to have a separate paper record at the very least.”
The Latest on: Electronic voting machines
[google_news title=”” keyword=”electronic voting machines” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
via Google News
The Latest on: Electronic voting machines
- India’s top court rules out changes to counting process over voting machine concernson April 26, 2024 at 5:31 am
India’s top court rules out changes to counting process over voting machine concerns - Supreme court rejects petitions seeking return to paper ballots ...
- Ferrying voting machines to mountains and tropical areas in Indian elections is a Herculean taskon April 25, 2024 at 11:33 pm
From the Himalayan mountains to the tropical Andaman Islands, Indian officials are using helicopters, buses, trucks, boats, donkeys, and mules to carry electronic voting machines for India’s gigantic ...
- After 2023 election woes, Northampton County, voting machine vendor pleased with primary electionon April 25, 2024 at 4:00 am
A Morning Call reporter in the government center witnessed nothing indicating problems. Ward results came into the county beginning around 8:15 p.m., and all votes from mail-in returns and ballot ...
- Supreme Court brushes aside Kari Lake lawsuit over electronic voting machineson April 23, 2024 at 5:49 am
The Supreme Court on Monday declined to hear a lawsuit brought by Republican Senate candidate Kari Lake challenging the use of electronic voting machines in Arizona.
- Supreme Court waves off Kari Lake lawsuit over electronic voting machineson April 22, 2024 at 3:32 pm
The Supreme Court brushed aside a lawsuit Monday from Republican Senate candidate Kari Lake challenging the use of electronic voting machines in Arizona.
- Supreme Court won't hear Kari Lake's allegations of electronic voting machine hackingon April 22, 2024 at 12:42 pm
The Supreme Court on Monday opted not to hear a case brought by Arizona Republican U.S. Senate candidate Kari Lake and state GOP figure Mark Finchem alleging electronic voting machines are vulnerable ...
- Kari Lake loses bid for Supreme Court take her lawsuit on electronic voting in Arizonaon April 22, 2024 at 7:32 am
The Supreme Court declined to take a lawsuit from the Kari Lake, the Republican Senate candidate from Arizona, related to electronic voting machines, ...
- Supreme Court rejects Kari Lake, Mark Finchem in machine voting lawsuit, ending legal challengeon April 22, 2024 at 7:07 am
The U.S. Supreme Court rejected an appeal by Arizona Republicans Kari Lake and Mark Finchem challenging the use of electronic voting machines.
- India's Lok Sabha election 2024: What are electronic voting machines?on April 15, 2024 at 9:42 pm
India has been using electronic voting machines (EVMs)extensively since 2000 to record votes in the world's largest election.
- New voting machines headed to all polls in Burlington Countyon April 15, 2024 at 1:49 am
On June 4, all Burlington residents who turn out on primary election day will get a look at the electronic voting machines replacing the push button machines in general use here for about a quarter ...
via Bing News