Thursday, August 13, 2009
E-Voting Allows Hackers to Switch Votes
E-Voting Machine Hack Steals Votes University researchers fool an e-voting machine into swapping votes from one candidate to another
Aug 12, 2009 | 04:27 PM By Kelly Jackson Higgins
DarkReading
Electronic voting machine security suffered another blow as researchers this week showed how they were able to hack a machine and steal votes.
A team of computer scientists from University of California-San Diego, the University of Michigan, and Princeton University used an attack based on "return-oriented programming" to turn a Sequoia AVC Advantage e-voting machine against itself and shift votes from one candidate to another.
Return-oriented programming basically takes snippets of code from the application and totally reassembles it into something with no resemblance to the program -- akin to selecting words or phrases from a story and putting them together into a different paragraph that means something completely different, says Hovav Shacham, a professor of computer science at UC San Diego's Jacobs School of Engineering and one of the lead researchers in the hack. UCSD had previously shown how the technique could work on desktop machines.
The attack doesn't require any new code, either: "The attacker reuses short snippets of the existing system and recombines them in such a way that the computation they perform is exactly the computation he wants to carry out," he says.
Editor's Note: Seems to me that E-Voting and biometrics are an ideal fit...enter Microsoft and UPEK's Worldwide Biometric Challenge! I told Pay By Touch that they should've explored that niche, even reserved www.VoteByTouch.com but they went with Healthcare...
Continue Dark Reading