NJ E-Voting machines easily hackable

Princeton Report Rips N.J. E-Voting Machines as Easily Hackable
Computerworld (10/27/08) Weiss, Todd R.

Electronic-voting machines used in New Jersey and elsewhere are unreliable and potentially prone to hacking, concludes a new report from Princeton University and other groups. The 158-page report was ordered by a New Jersey judge as part of an ongoing dispute over the machines.

The e-voting machines can be “easily hacked” in about seven minutes by anyone with basic computer knowledge, according to the report. The vulnerability could enable fraudulent firmware to steal votes from one candidate and give them to another. The machines can be hacked by installing fraudulent software contained in a replacement chip that can be installed on the main circuit board, which would be very difficult to detect, the report says.

The major problem is that there are numerous opportunities in the storage, distribution, and deployment of the machines where an unauthorized person could access and manipulate them without being detected.  Princeton University Andrew Appel, one of the authors of the report, says that such vulnerabilities cast doubts about the accuracy and reliability of the machines.

A group of public interest organizations are plaintiffs in a lawsuit against the state of New Jersey, arguing that the machines should be discarded because they cannot meet state election law requirements for security and accuracy. State officials who support the machines say they are adequate for the job.

———

I think it’s interesting that I immediately think that the Republicans would hack the voting machines.  Leftover Watergate paranoia bias?

Missionary Zeal

I keep the front screen door propped open with a yoga brick when I’m home and the weather’s temperate. This is so the cat’s have easy ingress and egress. They’re happy that way.

The dogs have been trained to stay in and not go through the front door. They sit at the open door and whine and cry when children go by on bikes or neighborhood cats sit in front of the door and taunt them. They stay where they are supposed to. They don’t go past the threshold.

This morning, I saw two young men in suits across the street. I assumed (correctly) they were Mormon missionaries. I had the shower going, wanted to get in, did not want to discuss religion. I decided it would give the missionaries a thrill to have my loud mean barking big fang-ful dogs answer the open door when bell rang. I figured everyone would be fine, the missionaries would just go away petrified, and the dogs would get a little exercise jumping up and down and barking at the strangers per usual.

I got in the shower and pretty soon there was a big commotion and I heard Bob hollering at the dogs to GET BACK IN HERE. Turns out they really like Mormon missionaries. Enough that the dogs (unless it was actually the missionaries) opened the door (!) and went out onto the porch to lick and drool and wiggle around on them and get petted and scritched. Damned dogs. They get an “F” in guard dog duty today.

Easy Peasy

Rice Students Challenge Electronic Voting Machines
Converge (10/13/08)

As part of an advanced computer science class, Rice University professor Dan Wallach is challenging his students to rig a voting machine. Wallach split his class into teams.

During phase one, teams pretend to be unscrupulous programmers at a voting machine company by trying to make subtle changes to the machines’ software that will alter the election’s outcome without being detected by election officials. The second phase has teams playing the part of election software regulators by trying to certify the code submitted by another team during the first phase of the class.

“What we’ve found is that it’s very easy to insert subtle changes to the voting machine,” Wallach says. “If someone has access and wants to do damage, it’s very straightforward to do it.” He says the experiment shows how vulnerable certain electronic-voting systems are.

Wallach says the students often, but not always, are able to find the hacks, but that in real life it would probably be too late. “In the real world, voting machines’ software is much larger and more complex than the Hack-a-Vote machine we use in class,” Wallach says. “We have little reason to believe that the certification and testing process used on genuine voting machines would be able to catch the kind of malice that our students do in class.”

I give up

Keyboard Sniffers to Steal Data
BBC News (10/21/08) 

Doctoral students Martin Vuagnoux and Sylvain Pasini from the Security and Cryptography Laboratory at the Swiss Ecole Polytechnique Federale de Lausanne (EPFL) were able to monitor what people type by analyzing the electromagnetic signals produced by every keystroke.

The EPFL students developed four attacks that will work on a variety of computer keyboards, leading them to declare that keyboards are not safe to transmit sensitive information. Vuagnoux and Pasini tested 11 keyboards that connected to a computer through either a USB or PS/2 socket, though the attacks also work on keyboards embedded in laptops. Each keyboard tested was vulnerable to at least one of the four attacks they developed, with one of the attacks being effective at a distance of 20 meters.

The students used a radio antenna to fully or partially recover keystrokes by detecting the electromagnetic radiation emitted when keys are pressed. The research builds on previous work by University of Cambridge computer scientist Markus Kuhn, who explored ways of using electromagnetic emanations to eavesdrop and steal useful information.

On HAVA (again)

Thousands Face Mix-Ups in Voter Registrations
Washington Post (10/18/08) P. A1; Flaherty, Mary Pat

New state voter registration systems across the U.S. are incorrectly rejecting voters and threatening to disrupt the election process. The problems are occurring in states that switched from locally managed lists of voters to statewide databases, a change required by the Help America Vote Act. Although the switch is supposed to be a more efficient and accurate way to keep lists up to date, the transition is causing the systems to question the registrations of thousands of voters when discrepancies occur between their registration information and other official records.

In Alabama, for example, dozens of voters are being labeled as convicted felons due to incorrect lists, and Michigan is scrambling to restore thousands of names it illegally removed from voter rolls due to residency questions.

In Wisconsin, tens of thousands of voters could be affected, as officials admit that their database is wrong one out of every five times it flags a voter, often due to data discrepancies such as a middle initial or a typo in a birth date. Herbert Lin, who is studying the issue for the federal Election Assistance Commission, says that states are not using the “best scientific knowledge known today,” as required by law.

One of the problems with Wisconsin’s database, which has been in place since August, is that 95,000 voters are incorrectly listed as being 108 years old. If no birth date was available when names were moved into the electronic system, it automatically assigned Jan. 1, 1900. By federal law, anyone whose name is flagged must be notified and given a chance to prove his or her eligibility, but voting rights experts say voters are not always alerted, and some, even if they are notified, may simply decide to skip the election as a result.