Hackers Breach Voting Machines at Defcon

One of the nation’s largest cybersecurity conferences, Defcon Convention, invited attendees from around the world to Las Vegas, NV to experience hands-on hacking of voting machines in hopes of demonstrating to researchers how simple the process can be.

It took nearly an hour and a half for an associate professor with IT-University of Copenhagen to successfully hack the voting machine at the Defcon Convention in Las Vegas on Friday night according to CNET. Carsten Schürmann gained access to the Advanced Voting Solutions’ 2000 WinVote machine through the Wi-Fi system which enabled him to gain access to the machine.

Another security consultant, Thomas Richards said, “It took me only a few minutes to see how to hack it,” by only glancing at the Premier Election Solutions machine. “I didn’t come in knowing what to expect, but I was surprised by what I found,” Richards stated. The machine Richards discovered how to hack used a beneath-the-surface software designed in 2007, but a variety of vulnerabilities have been developed over the past decade.

The Advanced Voting Solutions WinVote machine comes equipped with the simple passcode-‘abcde’ which cannot be changed and sparks the question of how protected is this voting system? In 2007 the Advanced Voting Solutions WinVote machine officially went out of business yet Virginia continued to use these machines until 2015. Pennsylvania and Mississippi also used the AVS machines and did not know how vulnerable these machines were to the possibility of getting hacked.

“The exposure of those devices to the people who do bug bounties or actually look at these kinds of devices has been fairly limited,” Brian Knopf, Director of Security Researcher for Neustar, told CNET. “And so Defcon is a great opportunity for those of us who hack hardware and firmware to look to these kind of devices and really answer that question, ‘Are they hackable?'”

The conference held in Las Vegas acquired thirty machines for hackers to try to break into and all thirty machines were successfully hacked. A San Francisco security platform, Synack, quickly discovered several flaws in the WinVote machine months before this weekend’s conference. Simply attaching a mouse and keyboard to the system allowed them to easily bypass the voting software by pushing “control-alt-delete.” They were also able to crack the machine by installing a remote desktop program to it.

It’s really just a matter of plugging your USB drive in for five seconds and the thing’s completely compromised at that point,” Synack co-founder Jay Kaplan told CNET. “To the point where you can get remote access. It’s very simple.”

The attendees who took place in hacking these systems hope that the discoveries made throughout the convention will pressure states to do more in order to keep their systems secure and less vulnerable to hacking.

“The Village was announced last minute. But in the forums, people were active, looking to understand the problem. The changes have to start somewhere. This year it’s in this room, next year it will be a bigger room,” said Harri Hurtsi, who assisted in the organization of the event.

Leave a Reply