Hackers at convention test voting systems for bugs
12 August, 2018
Def Con, one of the world’s largest security conventions, served as a laboratory for breaking into voting machines on Friday, extending its efforts to identify potential security flaws in technology that may be used in the November US elections.
Hackers will continue to probe the systems over the weekend in a bid to discover new vulnerabilities, which could be turned over to voting machine makers to fix.
The three-day Las Vegas-based “Voting Village” also aimed to expose security issues in digital poll books and memory-card readers.
“We see a lot of value in doing things like this. We think it’s important,” said Jeanette Manfra, assistant secretary of cybersecurity and communications at the US Department of Homeland Security, in an interview.
“The idea is, when we find things here, how do we connect them with the actual vendors and make sure that we are closing this loop back to a coordinated vulnerability disclosure process.”
Def Con held its first voting village last year after US intelligence agencies concluded the Russian government used hacking in its attempt to support Donald Trump’s 2016 candidacy for president. Moscow has denied the allegations.
Organizers have returned ahead of the November elections, in which Democrats hope to take control of the US House of Representatives. Trump’s national security team last week warned that Russia had launched “pervasive” efforts to interfere in the elections.
“These vulnerabilities that will be identified over the course of the next three days would, in an actual election, cause mass chaos,” said Jake Braun, one of the village’s organizers. “They need to be identified and addressed, regardless of the environment in which they are found.”
Participants will have a chance to hack into more than five types of voting machines from manufacturers including Elections Systems & Software and Dominion Voting.
Last year a Danish researcher figured out how to take control of a touchscreen voting system used through 2014 in a remote hack that organizers said could work from up to 1,000 feet away.
A group representing US secretaries of state lauded the goal of bolstering election security, but warned that the findings might be skewed.
“It utilizes a pseudo environment which in no way replicates state election systems, networks or physical security,” the National Association of Secretaries of State said in a statement.
Verified Voting, an advocacy group that helped organise the hacking village, said that some of the voting machine models being tested are still used to tally votes across the United States.
One system, the Dominion Premier/Diebold AccuVote TSx system, is used in 20 states and 23,784 precincts, according to Verified Voting.