Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Security

Democracy-minded DEF CON hackers promise punishing probe on US election computers

Voting machine hacking could turn very ugly

Iain Thomson in San Francisco Wed 24 May 2017  //  22:36 UTC

Organizers at the DEF CON hacking conference in July are planning a mass cracking of US electronic election machines.

The event, which for over 20 years has attracted the best and the brightest in the hacking community, will see a group hackathon against the voting machines that are used in every US election these days. The purpose is to check whether the machinery that underpins the electoral system is up to scratch.

"Pretty much, just like everything else, it's time for hackers to come in and tell you what's possible and what's not," DEF CON founder Jeff Moss told Politico. "We're only going to play with them for a couple of days, but bad guys can play with them for weeks or years."

America was one of the earliest adopters of electronic voting systems, in part due to the fiasco of the 2000 presidential election that saw lawsuits over partially punched paper ballots. But there have been doubts raised about the security of electronic systems almost immediately since their introduction.

While there has never been definitive proof of election machine hacking, it has long been a concern and there have been allegations aplenty. Even now, security experts are finding worryingly easy ways to subvert legitimate vote counts.

"Up until now, the voting machine companies keep telling us everything is totally secure, when everyone in cybersecurity knows there's nothing that's totally secure, it's all just a matter of risk mitigation," said Jake Braun, cybersecurity lecturer at the University of Chicago. "It'll be good to get some independent folks who don't have an ax to grind one way or the other."

Other countries are also troubled by the prospect of voting machine manipulation. India is to hold a hackathon for its election machines to find out if they can be subverted, and the EU has voiced concern about voting security. US regulations on voting machines are lax to say the least, and the DEF CON crews should find lots of interesting holes.

The Register has yet to receive a response from manufacturers as to whether they will be patching beforehand. ®
Send us news
20 Comments

X's Grok AI is great – if you want to know how to hot wire a car, make drugs, or worse

Elon controversial? No way

Fox News 'hacker' turns out to be journalist whose lawyers say was doing his job

Also, another fake iOS app slips into the store, un-cybersafe EV chargers leave UK shelves, and critical vulns

Hackers mod a Sony PlayStation Portal to run PSP games

Modders claim GTA: Liberty City Stories and Tekken 6 are running 'very smoothly'

Wikileaks source and former CIA worker Joshua Schulte sentenced to 40 years jail

'Vault 7' leak detailed cyber-ops including forged digital certs

Tesla hacks make big bank at Pwn2Own's first automotive-focused event

ALSO: SEC admits to X account negligence; New macOS malware family appears; and some critical vulns

Think tank report labels NSO, Lazarus as 'cyber mercenaries'

Sure, they do crimes. But the plausible deniability governments adore means they deserve a different label

Red Cross lays down hacktivism law as Ukraine war rages on

Rules apply to cyber vigilantes and their home nations, but experts cast doubt over potential benefits

CLI-beautifying ANSI escape sequences can also make your log files a security threat

When you can't even cat your telemetry safely, who can you trust?

Tesla hackers turn to voltage glitching to unlock paywalled features

Oh, this old thing? Yeah, it's got an AMD processor. Why?

Unsealed: Charges against Russians blamed for Mt Gox crypto-exchange collapse

What a blast from the past, the past being a year before the pandemic

Some potential: How bad software updates could over-volt, brick remote servers

PMFault – from the eggheads who brought you Plundervolt and Voltpillager

Arm acknowledges side-channel attack but denies Cortex-M is crocked

Spectre-esque exploit figures out when interesting info might be in memory