Princeton report rips N.J. e-voting machines as easily hackable
Vendor challenges research, says its machines are safe and reliable
With eight days to go before the presidential election, a report has been released by Princeton University and other groups that sharply criticizes the e-voting machines used in New Jersey and elsewhere as unreliable and potentially prone to hacking.
The 158-page report, which was ordered by a New Jersey judge as part of an ongoing four-year legal fight over the machines, says the e-voting machines can be "easily hacked" in about seven minutes by anyone with basic computer knowledge. Such hacking activity could enable fraudulent firmware to steal votes from one candidate and give them to another, the report said.
The controversy involves the Sequoia AVC Advantage 9.00H direct-recording electronic (DRE) touch-screen voting machines made by Oakland, Calif.-based Sequoia Voting Systems.
The report comes amid news stories in at least three states -- West Virginia, Texas and Tennessee -- where voters have told local election officials that they believe the e-voting machines they used tried to "flip" their votes to other candidates.
The AVC machines can be hacked by installing fraudulent software contained in a replacement chip that can be installed on the main circuit board, according to the report. Such a part replacement is very difficult to detect, it noted.
Andrew Appel, a Princeton University computer science professor who is one of the authors of the report, said that such security vulnerabilities cause doubts about the accuracy and reliability of the machines.
The plaintiffs, a group of public interest organizations, argue in their lawsuit against the state of New Jersey that the machines should be discarded because they can't meet state election law requirements for security and accuracy. State officials who back the machines argue that the machines are adequate for the job.
The lawsuit is expected to go to trial in January, but in the meantime, the court allowed the Princeton report to be released to the public.
The report gives details on how the machines could be manipulated by someone who wanted to change the results of the election, and it strongly criticizes the designs and security of the devices.
At the same time, Appel said that while such a scenario is possible, "it doesn't mean that somebody is dishonest enough to do it."
"Even so, it's an unpleasant place to be in to have to use these machines that are so hackable," Appel said. "Early next week, I'm going to have to go out and cast my vote on one of these machines."
The problem, according to the report, is that there are many opportunities in the storage, distribution and deployment of the DRE machines where an unauthorized person could manipulate them and not be detected.
Voting tech 2008
- Election Day: Live blog
- E-voting '08: Problems, yes, but it could have been worse
- E-voting problems reported early in battleground states
- Election Day: What could possibly go wrong?
- Top 20 Election Day sites, tools
- E-voting groups keeping tabs on a handful of states
- Opinion: Will your vote count?
- Q&A: Felten on e-voting and what can go wrong
- Are design issues to blame for vote 'flipping' in touch-screen machines?
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!