terça-feira, 1 de agosto de 2017

Hackers Take Over US Voting Machines In Just 90 Minutes

Mohit Kumar
Em 30/07/2017 no site The Hacker News.

hacking-voting-machine
Image Credit: @tjhorner
Today, election hacking is not just about hacking voting machines, rather it now also includes hacking and leaking dirty secrets of the targeted political parties—and there won’t be a perfect example than the last year's US presidential election.

But, in countries like America, even hacking electronic voting machines is possible—that too, in a matter of minutes.

Several hackers reportedly managed to hack into multiple United States voting machines in a relatively short period—in some cases within minutes, and in other within a few hours—at Def Con cybersecurity conference held in Las Vegas this week.

Citing the concern of people with the integrity and security of American elections, for the first time, Def Con hosted a "Voting Machine Village" event, where tech-savvy attendees tried to hack some systems and help catch vulnerabilities.

Voting Machine Village provided 30 different pieces of voting equipment used in American elections in a room, which included Sequoia AVC Edge, ES&S iVotronic, AccuVote TSX, WinVote, and Diebold Expresspoll 4000 voting machines.

And what's horrible? The group of attendees reportedly took less than 90 minutes to compromise these voting machines.
Members of the Def Con hacking community managed to take complete control of an e-poll book, an election equipment which is currently in use in dozens of states where voters sign in and receive their ballots.

Other hackers in attendance claimed to have found significant security flaws in the AccuVote TSX, which is currently in use in 19 states, and the Sequoia AVC Edge, used in 13 states.

Another hacker broke into the hardware and firmware of the Diebold TSX voting machine.

Hackers were also able to hack into the WinVote voting machine, which is available on eBay, and have long been removed from use in elections due to its vulnerabilities.

Hackers discovered a remote access vulnerability in WinVote's operating system, which exposed real election data that was still stored in the machine.

Another hacker hacked into the Express-Pollbook system and exposed the internal data structure via a known OpenSSL vulnerability (CVE-2011-4109), allowing anyone to carry out remote attacks.
"Without question, our voting systems are weak and susceptible. Thanks to the contributors of the hacker community today, we’ve uncovered even more about exactly how," said Jake Braun, a cybersecurity expert at the University of Chicago, told Reg media.
"The scary thing is we also know that our foreign adversaries — including Russia, North Korea, Iran — possess the capabilities to hack them too, in the process undermining the principles of democracy and threatening our national security."
Election hacking became a major debate following the 2016 US presidential election, where it was reportedthat Russian hackers managed to access U.S. voting machines in at least 39 states in the run-up to the election.

However, there is no evidence yet to justify these claims.

Even, Hacking of voting machines is also a major concern in India these days, but the government and election commission has declined to host such event to test the integrity of EVMs (Electronic Voting Machines) used during the country's General and State Elections.

Nenhum comentário:

Postar um comentário