At the DefCon security conference in Las Vegas, for the last two years, hackers have come to the Voting Village every year to scrutinize voting machines and analyze them for vulnerabilities. This year, at DefCon 27, the targeted voting machine included a $10 million project by DARPA (Defense Advanced Research Projects Agency). However, hackers were unable to break into the system, not because of robust security features, but due to technical difficulties during the setup.
“A bug in the machines didn’t allow hackers to access their systems over the first two days,” CNet reports.
DARPA announced this voting system in March, this year, hoping that it “will be impervious to hacking”. The system will be designed by the Oregon-based verifiable systems firm, Galois. “The agency hopes to use voting machines as a model system for developing a secure hardware platform—meaning that the group is designing all the chips that go into a computer from the ground up, and isn’t using proprietary components from companies like Intel or AMD,” Wired reports.
Linton Salmon, the project’s program manager at Darpa says, “The goal of the program is to develop these tools to provide security against hardware vulnerabilities. Our goal is to protect against remote attacks.”
Voting Village’s co-founder Harri Hursti said, the five machines brought in by Galois, “seemed to have had a myriad of different kinds of problems. Unfortunately, when you’re pushing the envelope on technology, these kinds of things happen.”
“The Darpa machines are prototypes, currently running on virtualized versions of the hardware platforms they will eventually use.” However, at Voting Village 2020, Darpa plans to include complete systems for hackers to access.
Dan Zimmerman, principal researcher at Galois said, “All of this is here for people to poke at. I don’t think anyone has found any bugs or issues yet, but we want people to find things. We’re going to make a small board solely for the purpose of letting people test the secure hardware in their homes and classrooms and we’ll release that.”
Sen. Wyden says if voting system security standards fail to change, the consequences will be much worse than 2016 elections
After the cyberattacks in the 2016 U.S. presidential elections, there is a higher risk of securing voters data in the upcoming presidential elections next year. Senator Ron Wyden said if the voting system security standards fail to change, the consequences could be far worse than the 2016 elections.
In his speech on Friday at the Voting Village, Wyden said, “If nothing happens, the kind of interference we will see form hostile foreign actors will make 2016 look like child’s play. We’re just not prepared, not even close, to stop it.”
Wyden proposed an election security bill requiring paper ballots in 2018. However, the bill was blocked in the Senate by Majority Leader Mitch McConnell who called the bill a partisan legislation.
On Friday, a furious Wyden held McConnell responsible calling him the reason why Congress hasn’t been able to fix election security issues. “It sure seems like Russia’s No. 1 ally in compromising American election security is Mitch McConnell,” Wyden said.
One reason why Congress hasn’t passed major election security legislation, Wyden says, is that “the voting machine lobby has very big political biceps.”
Wyden says he is “perhaps their last favorite” lawmaker because of all the questions he’s asked them.
— Eric Geller (@ericgeller) August 9, 2019
According to a security researcher, the voting system has a terrible software vulnerability
Dan Wallach, a security researcher at Rice University in Houston, Texas told Wired, “There’s a terrible software vulnerability in there. I know because I wrote it. It’s a web server that anyone can connect to and read/write arbitrary memory. That’s so bad. But the idea is that even with that in there, an attacker still won’t be able to get to things like crypto keys or anything really. All they would be able to do right now is crash the system.”
According to CNet, “While the voting process worked, the machines weren’t able to connect with external devices, which hackers would need in order to test for vulnerabilities. One machine couldn’t connect to any networks, while another had a test suite that didn’t run, and a third machine couldn’t get online.”
The machine’s prototype allows people to vote with a touchscreen, print out their ballot and insert it into the verification machine, which ensures that votes are valid through a security scan. According to Wired, Galois even added vulnerabilities on purpose to see how its system defended against flaws.
That’s a wrap! Thank you everyone who attended the #VotingVillage2019. Here’s some things our attendees discovered this year. Please look forward to our full report in the fall and special thanks to our hackers and scribes for all their hard work. pic.twitter.com/pH4W8JiJrq
— DEFCON VotingVillage (@VotingVillageDC) August 11, 2019
To know more about this news in detail, head over to Wired report.
*** This is a Security Bloggers Network syndicated blog from Security News – Packt Hub authored by Savia Lobo. Read the original post at: https://hub.packtpub.com/at-defcon-27-darpas-10-million-voting-system-could-not-be-hacked-by-voting-village-hackers-due-to-a-bug/