Are Voting Systems Really This Easy to Hack Into? DefCon Says Yes

defcon hack - voting machine hacking village report

No system is hack-proof, and software is no exception. But how easy is it to hack into something so mission-critical as a voting system? According to this year’s DefCon attendees, it’s surprisingly easy.

DefCon is the world’s largest hacker convention held in Las Vegas, Nevada, every year, and is attended by thousands of hackers. At this year’s convention, the “Voting Machine Hacking Village” saw dozens of voting machines being digitally and physically prodded and probed for vulnerabilities. Without exception, every one of them was easily hacked into, some through a software vulnerability and some through physical access.

Should that surprise you? Yes it should, because it came out that many of the systems were running software that was seriously outdated. I’m talking 1989 outdated. And there were almost no measures put in place to check if the code was still legitimate.

Most of the hacks happened within hours, even though the researchers at times didn’t have direct access to the systems. In the case of unprotected systems with USB ports and other physical vulnerabilities, one hacker guessed that it would take no more than 15 seconds to make the system go crazy with a keyboard and a USB stick. In many cases, vulnerabilities were discovered in a matter of tens of minutes, or just a few hours.

For such an important event as voting, which basically decides who runs the most powerful country in the world for four years, you’d think that the latest systems and the latest cybersecurity measures would be in place. Apparently not.

The report from DefCon’s attendees is even more fascinating. They opined that if newbie hackers could compromise a system after only a very brief learning curve, what would seasoned state-sponsored hackers be able to do? The report also warned of using “foreign” components, or software that could leave the system open to vulnerability from certain nefarious parties.

Government officials regularly attend DefCon, and that happened this year as well. In fact, the State of Virginia is taking steps to replace one of the machines that was the subject of a successful hack at the event. But what about the rest of the states? What about politicians who didn’t attend the conference and are completely unaware of the hacking risks within the voting system.

Election officials need to be on the same page regarding the technological integrity of the entire nation’s voting systems. And that won’t happen unless a concerted effort is mounted and a firm commitment is made to fix the problem.

This news is hot out of the oven, so the possible implications of these findings on last year’s presidential elections have probably not sunk in yet. When it does, it could spark off a controversy or an investigation. We don’t know what might happen, but we do know that a serious problem has been exposed, and something needs to be done about it sooner rather than later.

Thanks for visiting. Please support 1redDrop on social media: Facebook | Twitter