Hackers breached defences of US voting machines in less than 90 minutes

Hackers competed to take control of US voting machines and overcame some of their security defences in less than 90 minutes.

One hacking team at the DEF CON cybersecurity conference in Las Vegas ‘rick-roll’d’ a touchscreen voting machine so it played Rick Astley’s 1987 hit ‘Never Gonna Give You Up’, and another contestant was able to gain full remote control of a notoriously weak device from his laptop.

The results of the competition are likely to add to anxieties about the hacking of future US elections and about possible Russian interference in Donald Trump’s victory in November.

The US Department of Homeland Security said last year that it was “confident” the Russian Government had directed the hacking and leaking of Democratic National Committee emails in the run-up to Donald Trump’s victory over his Democrat rival Hillary Clinton.

And last month it was reported that a leaked National Security Agency document stated that Russian military intelligence executed a cyberattack on at least one US voting software supplier and sent phishing emails to more than 100 local election officials just days before the presidential election.

The DEF CON competition was said to have exposed a wide range of vulnerabilities in 30 computer-powered ballot boxes that had been acquired on eBay or from US government auctions so hackers could try to attack them.

The hackers were allowed to break the machines open to see how they worked, as well as trying to gain control of them remotely.

It allegedly took them less than 90 minutes to find the first cracks in the machines’ defences.

It was also claimed that Carsten Schürmann, an associate professor at the IT University of Copenhagen, was able to exploit poorly secured WiFi to gain remote control of one machine that has been used in previous US county elections.

The Register reported that some machines were using outdated and relatively easily hacked software, including unpatched versions of OpenSSL and Windows XP and CE.

Other machines had open ports, physical docking points meant for the use of election officials, which could be exploited to instal malicious software. Simple Google searches reportedly allowed other hackers to find passwords that would allow them administrative access to some machines.

Jake Braun, the Chief Executive Officer of Cambridge Global Advisors, who devised the hacking competition, said: “Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community, we’ve uncovered even more about exactly how.

“The scary thing is we also know that our foreign adversaries – including Russia, North Korea, Iran – possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security.”

Douglas Lute, a former Deputy National Security Advisor who is now a senior consultant for Cambridge Global, added: “This [election hacking] is now a grave national security concern that isn’t…

Read the full article from the Source…

Back to Top