Network Computing Dark Reading

Advertise

Attacks/Breaches

10/13/2016
01:00 PM

Jai Vijayan
Slideshows

Connect Directly

1 Comment
Comment Now

7 Ways Electronic Voting Systems Can Be Attacked

Pre-election integrity tests and post-election audits and checks should help spot discrepancies and errors, but risks remain.

2 of 8

Attacks on Election Management and Voter Registration Systems

Voting machines � the equipment that people actually use to cast their ballots � are not connected to the internet and therefore are not remotely accessible in most situations. But the same is not true of the systems that people use to register for voting online.

Security vulnerabilities in such systems can be remotely accessed and exploited over the internet.

Attackers have already targeted online voter registration systems in some 20 states. Two of the states � Illinois and Arizona � have confirmed breaches of their systems. In August, the Illinois State Board of Elections said unknown attackers had potentially accessed 86,000 voter records. In June, Arizona�s Secretary of State shut down portions of its voter registration site for a few days after a county official�s computer was breached and a credential related to the registration system was compromised.

But the chances of such intrusions somehow effecting election outcomes are remote. �Poll books, printed records, back-ups and back-ups of back-ups all provide multiple layers of security around this part of the process,� said the National Association of Secretaries of State (NASS). It is highly difficult to leverage such systems for changing outcomes.

Image Source: Pew Charitable Trusts

2 of 8

Comment |

Email This |

Print |

RSS

Comments

Threaded | Newest First | Oldest First

[close this box]

50%

Joe Stanganelli,
User Rank: Ninja
10/15/2016 | 1:43:46 PM

One place where we need open source

Contributing to all of these factors (especially #3) is that electronic voting systems are proprietary and not open source. Accordingly, there is no real auditing that can be done -- and whenever an update gets pushed out, it has to go through an onerous, lengthy vetting process (where very little genuinely useful information actually gets discovered) -- sometimes up to two years...meaning that systems stay un-updated for two years or more, that the updates may be ineffective if not outright bad, and that local governments don't have the time or money to train their volunteers on the systems.

Reply | Post Message | Messages List | Start a Board

Hot Topics

Editors' Choice

California Man Arrested for Politically Motivated DDoS

Dark Reading Staff 2/21/2020

Firms Improve Threat Detection but Face Increasingly Disruptive Attacks

Robert Lemos, Contributing Writer, 2/20/2020

Ransomware Damage Hit $11.5B in 2019

Dark Reading Staff 2/20/2020

Live Events

Webinars

March 16-19, 2020: Data Center World Registration is open! Join Us

Data Center World: The leading conference & expo for Data Center and IT Infrastructure Professionals. Register Today!

Get Insights: Cisco vs Microsoft & More at EC20 Orlando

More Informa Tech Live Events

White Papers

Let's Talk: Why Language Matters in Cybersecurity

6 Emerging Cyber Threats That Enterprises Face in 2020

Digital Transformation Built on the Cloud

The Role of Predictive Intelligence in the Fight Against Cyberattacks

Q4 Malware Trends Report

More White Papers

Video

All Videos

Cartoon

Latest Comment: "... you see, he has solid cyber security knowledge, still we cannot hire him with his long hair and T-shirt"

Cartoon Archive

Current Issue

6 Emerging Cyber Threats That Enterprises Face in 2020

This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Developing and Maintaining Secure Applications

The concept of application security is well known, but application security testing and remediation processes remain unbalanced. Most organizations are confident in their approach to AppSec, although others seem to have no approach at all. Read this report to find out more.

Download Now!

How Enterprises are Attacking the Cybersecurity Problem

0 comments

How Data Breaches affect the Enterprise

0 comments

Rethinking Enterprise Data Defense

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-19668
PUBLISHED: 2020-02-27

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-17963. Reason: This candidate is a reservation duplicate of CVE-2018-17963. Notes: All CVE users should reference CVE-2018-17963 instead of this candidate. All references and descriptions in this candidate have been removed to preve...

CVE-2019-12882
PUBLISHED: 2020-02-27

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2017-6363
PUBLISHED: 2020-02-27

** DISPUTED ** In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c. NOTE: the vendor says "In my opinion this issue should not have a CVE, since the GD and GD2 formats are documented to be 'obsolete, and should only be used for...

CVE-2017-6371
PUBLISHED: 2020-02-27

Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.

CVE-2017-5861
PUBLISHED: 2020-02-27

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-1000020. Reason: This candidate is a reservation duplicate of CVE-2017-1000020. Notes: All CVE users should reference CVE-2017-1000020 instead of this candidate. All references and descriptions in this candidate have been removed to...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]