Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/28/2017
09:40 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

DEF CON Rocks the Vote with Live Machine Hacking

Jeff Moss, founder of the hacker conference, is planning to host a full-blown election and voting system for hacking in 2018 at DEF CON, complete with a simulated presidential race.

DEF CON 25 – Las Vegas – It took just 90 minutes before hackers here today rooted out two zero-day vulnerabilities in a pair of decommissioned voting systems stationed in the hacker conference's first-ever Voting Machine Hacker Village.

DEF CON founder Jeff Moss, aka Dark Tangent, says he and his team recently purchased the used voting machines on eBay for hackers here to hammer away at and find flaws that ultimately get reported to the vendors of the machines. There were 30 pieces of voting equipment in the room, including Sequoia AVC Edge, ES&S iVotronic, Diebold TSX, Winvote, and Diebold Expresspoll 4000 voting machines.

The first two hacks this morning are expected to be the tip of the iceberg: these systems are well-known to be rife with outdated software such as Windows CE, and plenty of ports for hardware exposure, including PCMCIA, serial ports, and even a WEP-based WiFi feature - all of which are ripe for abuse. As of this posting, another hacker had cracked the hardware and firmware of the Diebold TSX voting machine. 

In the first two discoveries of the day, a hacker found a remote access flaw in the WinVote voting machine's operating system, and exposed real election data that was still stored there. Another hacker cracked the Express-Pollbook system, exposing the internal data structure via a known OpenSSL flaw, CVE-2011-4109, allowing remote attacks.

"What this tells me is hackers in less than two hours can figure something out and a nation-state could have this on their hands for months or years," Moss said in an interview here today. "It doesn't have to be nation-states. It could be criminal organizations; it doesn't have to be limited to Russia."

Moss said for DEF CON next year, he's planning an actual election voting simulation at the hacker conference: DEF CON will hold a mock election, possibly with Moss running for president against another as-yet unnamed opponent. Hackers will have their crack at the systems.

"There's never been a security test of a complete voting system … We're trying to build a whole system, but it's hard to get the back-end pieces," he said. "I have confidence by next year we will have a complete end to end voting system set up. We'll have fake elections and people can attack it and at the end of the con," we'll share the results, he said.

While the Voting Village concept evolved out of concerns raised by Russia's tampering with the 2016 US election, it also came amid a backdrop of a cybersecurity industry that's experiencing some soul-searching, and growing pains. Alex Stamos, CISO of Facebook, during the keynote address earlier this week at Black Hat USA urged attendees to channel energy into innovative defensive solutions, rather than just breaking things.

Facebook also upped the ante for its Internet Defense Prize program, to $1 million to encourage more hackers to come up with unique defense solutions for Internet users.

Meanwhile, DEF CON is now 25 years old, a milestone that had Moss reflecting on what comes next for the world's largest hacker conference and the hacking community. "The days of the lone hacker being able to do it all is pretty much [over]. It's much more social, is one of my messages this year," Moss said. "Since you can't know it all, and it's more important about who you know, and they know the stuff you don’t know and can help you."

It's a bit of a throwback to the pre-Google search days, when hackers sought out mentors and other hackers to assist their research and inform their work, he noted. Mentorship is key to this next phase of security innovation, he said.

That doesn't mean offense is dead. "There's a big place for breaking because offense always informs the defense. If you love breaking just keep breaking. You have to recognize that you're operating in a bigger context now," Moss went on to say, noting: "Hacking is not going to slow down. If anything, it's going to become more relevant. We try to stay true to our identity as best we can. It can never be the way it was 20 years ago, but I think we're making the change … the world has moved on and we're moving along with it."

Related Content:

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Kelly Jackson Higgins
100%
0%
Kelly Jackson Higgins,
User Rank: Strategist
7/31/2017 | 12:19:00 PM
Re: Voting for Moss
#TheDarkTangentForPresident
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
7/31/2017 | 12:10:24 PM
Voting for Moss
This is a great sign.  CTF - while always exciting even when on the same old architecture - needed to evolve to bring a sense of current urgency to the activity.  This is a CTF that is meaningful to everywhere, low-tech to hacker.  With the right visibility this could potentially lead to forever changing our voting tech and processes, ideally to the point where at least this one element in the next election is not a distraction.  Kudos.  I'm voting for Moss, naturally.
7 Tips for Infosec Pros Considering A Lateral Career Move
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2020
For Mismanaged SOCs, The Price Is Not Right
Kelly Sheridan, Staff Editor, Dark Reading,  1/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
IT 2020: A Look Ahead
Are you ready for the critical changes that will occur in 2020? We've compiled editor insights from the best of our network (Dark Reading, Data Center Knowledge, InformationWeek, ITPro Today and Network Computing) to deliver to you a look at the trends, technologies, and threats that are emerging in the coming year. Download it today!
Flash Poll
How Enterprises are Attacking the Cybersecurity Problem
How Enterprises are Attacking the Cybersecurity Problem
Organizations have invested in a sweeping array of security technologies to address challenges associated with the growing number of cybersecurity attacks. However, the complexity involved in managing these technologies is emerging as a major problem. Read this report to find out what your peers biggest security challenges are and the technologies they are using to address them.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-3154
PUBLISHED: 2020-01-27
CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framework before 1.12.12, 2.x before 2.3.8, and 2.4.x before 2.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the header of an email.
CVE-2019-17190
PUBLISHED: 2020-01-27
A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The vulnerability is due to an insecure ACL set by the AvastBrowserUpdate.exe (which is running as NT AUTHORITY\SYSTEM) when AvastSecureBrowser.exe checks for new updates. When the update check is triggered, the...
CVE-2014-8161
PUBLISHED: 2020-01-27
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CVE-2014-9481
PUBLISHED: 2020-01-27
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
CVE-2015-0241
PUBLISHED: 2020-01-27
The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a (1) large number of digits when processing a numeric ...