Short Bytes: Can some group of notorious hackers influence the U.S. Presidential Election? To study the same, the cybersecurity firm Symantec simulated the election process and found various security loopholes in the process. The biggest flaws sketched by the firm are related to the lack of encryption in voting machine hard drives and data storing cartridges.
The voting machines being used in the elections must adhere to the National Institute for Interdisciplinary Science and Technology (NIIST) guidelines that state that the machine should never connect to the internet and they must be kept locked. So, to hack them, an attacker needs to get access before the election or tamper with on the day of the election. To study the different aspects involved, the leading cybersecurity firm Symantec created an election simulation named “Hack the Vote”. To get things done, they bought the actual DRE voting machines from a website and other equipment.
Voting multiple times using a $15 device
When voters enter a polling station, they are handled a chip card for casting their vote. The card is basically a tiny computer with its own RAM, CPU, and OS. So, just like any other computer, its flaws can be exploited. Symantec examined that a hacker can modify the code on a voter’s chip card. If an attacker knows how to program a chip card, using a $15 Raspberry Pi-like device, he/she can reactivate the card and vote multiple times.
Lack of encryption on voting machines
Surprisingly, there was no encryption on the voting machine’s internal hard drive and it used an outdated operating system. This absence of encryption on machines can act as another attack layer. A skilled hacker can reprogram the drive using a simple device.
Manipulation and tampering
The study also showed that the behind-the-scenes data tabulation presents an even scarier scenario. The votes are stored in simple cartridges like a USB drive that stores data without any encryption. A hacker can easily rewrite the information and add votes. Symantec also explored the possibility of uploading malware to alter the voting database or erase it.
Interestingly, Symantec has recommended voting by paper–if it’s available at your polling station. Wondering why? Because there’s nothing much an average user can do to secure the voting technology. You can obviously inform a poll worker if you notice something strange.
Did you find this article helpful? Don’t forget to drop your feedback in the comments section below.