Why Was Virginia Using This Horribly Unsafe Voting Machine for Years?

You wouldn’t want “abcde” to be the password standing between a hacker and your computer, and you don’t even do anything important on your computer. So why was it ever all right for hardware that facilitates American democracy to be so stupidly vulnerable?
A new report by the Virginia Information Technologies Agency shows that a teen with a modicum of determination and a little allowance saved up could’ve easily altered the results of elections held within the state. Only now, after years in service despite a history of breaking and earlier reports of risk, is the state “decertifying” the touchscreen computers for future elections, The Roanoke Times reports.
But why did it take this long? The AVS WinVote machines used were horrible in almost every way, even when they were working properly.
- The voting machines were running a version of Windows from 2002 that’d never been updated or patched.
- The voting machines were open to wireless network connections (bad idea) that used WEP encryption that’s been unsafe and obsolete since 2004 (worse, super-awful idea).
- The encryption key required to break into this wireless connection was “abcde.”
- The admin password to control the entire voting machine was “admin.”
Either of these passwords is so simple and so stupid that it could be broken by someone almost instantly.
Any single one of these very weak weak-points would’ve been a good reason to never use AVS WinVote—but it wasn’t until voters complained that some of the touchscreens weren’t working well that anyone bothered to check to see if someone could be manipulating the entire voting process. Jeremy Epstein of the National Science Foundation’s Secure and Trustworthy Cyberspace program put it bluntly in a blog post today:
If an election was held using the AVS WinVote, and it wasn’t hacked, it was only because no one tried. The vulnerabilities were so severe, and so trivial to exploit, that anyone with even a modicum of training could have succeeded. They didn’t need to be in the polling place – within a few hundred feet (e.g., in the parking lot) is easy, and within a half mile with a rudimentary antenna built using a Pringles can. Further, there are no logs or other records that would indicate if such a thing ever happened, so if an election was hacked any time in the past, we will never know.
The steps for rigging an election via WiFi are a total breeze:
So how would someone use these vulnerabilities to change an election?
1. Take your laptop to a polling place, and sit outside in the parking lot.
2. Use a free sniffer to capture the traffic, and use that to figure out the WEP password (which VITA did for us).
3. Connect to the voting machine over WiFi.
4. If asked for a password, the administrator password is “admin” (VITA provided that).
5. Download the Microsoft Access database using Windows Explorer.
6. Use a free tool to extract the hardwired key (“shoup”), which VITA also did for us.
7. Use Microsoft Access to add, delete, or change any of the votes in the database.
8. Upload the modified copy of the Microsoft Access database back to the voting machine.
9. Wait for the election results to be published.
Epstein adds that once “an election official told me about playing solitaire on the device, to demonstrate just how complete it was.” The Virginia Information Technologies Agency’s report estimates that replacing these stupid, stupid machines will cost a little over $6 million, which is very, very little compared to how stupid they are. Rather than waiting to discover these inevitable, gaping security holes on a case-by-case basis, it’d save everyone a lot of pain and potential stolen elections to just stop voting with computers altogether.
Correction: This post incorrectly referred to VITA as the Virginia Information Technology Association; it is the Virginia Information Technology Agency
Contact the author at biddle@gawker.com.
