Hackers in competition breach voting machine security in minutes

Hackers competing in a contest at a Las Vegas convention breached the security of several voting machines, pointing to glaring deficiencies in the security of US elections.

The Hill:

Tech minds at the annual "DEF CON" in Las Vegas were given physical voting machines and remote access, with the instructions of gaining access to the software.

According to a Register report, within minutes, hackers exposed glaring physical and software vulnerabilities across multiple U.S. voting machine companies' products.

Some devices were found to have physical ports that could be used to attach devices containing malicious software. Others had insecure Wi-Fi connections, or were running outdated software with security vulnerabilities like Windows XP.

The Register reported that the challenge was designed by Jake Braun, the Chief Executive Officer of Cambridge Global Advisors and Managing Director of Cambridge Global Capital. 

“Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we've uncovered even more about exactly how,” Braun said.

“The scary thing is we also know that our foreign adversaries – including Russia, North Korea, Iran – possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security.”

The machines were bought on Ebay, and were manufactured by major U.S. voting machine companies such as Diebold Nixorf, Sequoia Voting Systems, and Winvote.

Was this a true test of voting machine security? Unknown. "Remote access" could mean several things and may not faithfully represent the kind of cyber security used by states to safeguard voting machines.

Also, this is not news to people who have been warning about the security of our voting machines for years. But no hacker has yet demonstrated they can access actual machines being used to tabulate real votes.

That's still not totally comforting considering what's at stake.

During the 2016 election, Homeland Security offered their help to states to secure their networks. Most states took them up on it. At that time, it was believed that several voter registration lists had been hacked, not the machines themselves. But the apparent ease with which hackers broke into the machines should be a wake up call to states to better secure the vote.