Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

10/13/2016
01:00 PM
Jai Vijayan
Jai Vijayan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

7 Ways Electronic Voting Systems Can Be Attacked

Pre-election integrity tests and post-election audits and checks should help spot discrepancies and errors, but risks remain.
3 of 8

Malware Uploads On Air-Gapped Systems

Even though voting machines are almost never directly connected to the internet they still need to be able to receive electronic files that tell it which candidates are on the ballot. Typically, election officials do this by preparing the so-called ballot definition files on a separate election management system and then transferring it to the voting system via a memory card or cartridge.

Many voting machines designed in the 1990s and 2000s, and which are scheduled for use in the upcoming election, use flash memory to store and update the ballot definition file. A lot of these systems are enabled to receive software updates in the same way they receive the ballot files - via cartridge or a memory card. This opens an opportunity for an attacker to slip a malicious program into a voting machine that causes it to miscount votes, according to Andrew Appel, professor of computer science at Princeton University's Center for Information Technology Policy.

An attacker could do this over the internet by breaking into the computer that is used to create the ballot definition files or someone with access to the computer could slip in malicious code while creating the ballot file, he said.

Such malicious code updates can be undetectable on direct record electronic voting machines that accept unsigned software updates via cartridge or memory card - and that don't have a verifiable paper audit trail as a backup, he said. New Jersey, Delaware, South Carolina, Georgia and Louisiana are scheduled to use DRE machines without any paper backup.

The threat is substantially mitigated in systems that do have a paper audit trail, however.

Image Source: Wikimedia Commons

Malware Uploads On Air-Gapped Systems

Even though voting machines are almost never directly connected to the internet they still need to be able to receive electronic files that tell it which candidates are on the ballot. Typically, election officials do this by preparing the so-called ballot definition files on a separate election management system and then transferring it to the voting system via a memory card or cartridge.

Many voting machines designed in the 1990s and 2000s, and which are scheduled for use in the upcoming election, use flash memory to store and update the ballot definition file. A lot of these systems are enabled to receive software updates in the same way they receive the ballot files via cartridge or a memory card. This opens an opportunity for an attacker to slip a malicious program into a voting machine that causes it to miscount votes, according to Andrew Appel, professor of computer science at Princeton Universitys Center for Information Technology Policy.

An attacker could do this over the internet by breaking into the computer that is used to create the ballot definition files or someone with access to the computer could slip in malicious code while creating the ballot file, he said.

Such malicious code updates can be undetectable on direct record electronic voting machines that accept unsigned software updates via cartridge or memory card and that don't have a verifiable paper audit trail as a backup, he said. New Jersey, Delaware, South Carolina, Georgia and Louisiana are scheduled to use DRE machines without any paper backup.

The threat is substantially mitigated in systems that do have a paper audit trail, however.

Image Source: Wikimedia Commons

3 of 8
Comment  | 
Print  | 
Comments
Threaded  |  Newest First  |  Oldest First
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
10/15/2016 | 1:43:46 PM
One place where we need open source
Contributing to all of these factors (especially #3) is that electronic voting systems are proprietary and not open source.  Accordingly, there is no real auditing that can be done -- and whenever an update gets pushed out, it has to go through an onerous, lengthy vetting process (where very little genuinely useful information actually gets discovered) -- sometimes up to two years...meaning that systems stay un-updated for two years or more, that the updates may be ineffective if not outright bad, and that local governments don't have the time or money to train their volunteers on the systems.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 4/7/2020
The Coronavirus & Cybersecurity: 3 Areas of Exploitation
Robert R. Ackerman Jr., Founder & Managing Director, Allegis Capital,  4/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
6 Emerging Cyber Threats That Enterprises Face in 2020
This Tech Digest gives an in-depth look at six emerging cyber threats that enterprises could face in 2020. Download your copy today!
Flash Poll
State of Cybersecurity Incident Response
State of Cybersecurity Incident Response
Data breaches and regulations have forced organizations to pay closer attention to the security incident response function. However, security leaders may be overestimating their ability to detect and respond to security incidents. Read this report to find out more.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-1627
PUBLISHED: 2020-04-08
A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash. By continuously sending ...
CVE-2020-1628
PUBLISHED: 2020-04-08
Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. It was discovered that packets utilizing these IP addresses may egress an EX4300 switch, leaking configuration information such as heartbeats, kernel versions, etc. out to the Internet, leading...
CVE-2020-1629
PUBLISHED: 2020-04-08
A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message. This issue affects Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S6; 16.2 versions prior to 16.2R2-S11; ...
CVE-2020-1630
PUBLISHED: 2020-04-08
A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This...
CVE-2020-1634
PUBLISHED: 2020-04-08
On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue ...