Hacking an Election Is Not a Walk in the Park

Hardly a day went by without news about possible election tampering or voting machine hacking. Hopefully the result of the increased scrutiny will be a more focused look at the technologies and processes employed as part of the US election system. The following thoughts and viewpoints are based on observations made around recent demonstrations of voting machine hacking and election system threats. Those Poor Voting Machines As far as we know, voting machines are not exposed directly to the internet nor are they likely to be subject to the common malware threats we would see in a normal production environment. Not to mention, the expertise (ok, although minimal to some) required to open one and physically tamper with it without raising suspicions, is not as simple as we might think - despite demonstrations to the contrary. I’m no expert but I’ve worked on lots of electronic equipment and removed IC’s, EPROMs, SOIC’s and all other manner of components before - it’s not something you stick 2 fingers in and pull out the part in 3 seconds. Sure, you can do it but it won’t be pretty. It usually requires effort and some finesse to get a socketed chip out without doing damage - often times a screwdriver or other tool to pry it out of the socket (ok, I’m not counting ZIF sockets, you got me now). Integrated Circuits like these require special handling (ant-static or data on the chip can be become damaged). It's not super hard but more trouble to go through to ensure the hack works. The assumption here is that all these machines have socketed EPROMs containing the machines firmware code - at least that’s what we saw in recent demonstrations. Someone walks in and swaps out a couple EPROMs with modified ones and the counts can be tampered with. And that was just one model of voting machine. According to <a href="https://www.verifiedvoting.org/resources/voting-equipment/" target="_blank">VerifiedVoting</a>, there are at least 15 manufacturers and over 50 different models of voting hardware in use today. <img src="https://cdn.filestackcontent.com/we2Ug9N2RfOta0xojfoW"/> Figure 1 – Chart of the various models of Voting machines in use. With that many different machines, it seems like a stretch you would be able to get this “EPROM swap attack” right. What if it is not socketed? Then it is likely soldered directly to the board. Does that mean there is a risk of cyber-terrorists running around with soldering irons? Unlikely. Even if this did work, it wouldn’t scale. Tampering with one machine, (as bad as it may be), is probably not enough to skew an entire election. It would also seem that a physical attack on the machines themselves, (on or just prior to election day), is simply too risky and not worth the reward. The tools, timing, effort & expertise needed to pull this off and for it to be successful, is on the unlikely side. More Targets, More Stealth Anyone with a divine interest in getting inside our election systems will probably not waste time with such high risk "Burn Notice" style operations and any incidences of such would likely be isolated. As I mentioned earlier, the thought of physically swapping IC’s/chips in a voting machine, doesn’t fly with me as something that would actually work in a real world scenario, let alone allowing the attacker to get away with it undetected. A meatier target might be the equipment that accumulates and tallies the votes. These also transmit the results to other systems for validation. In addition, these systems have been reported to still be running antiquated OS’s like Windows XP. It is assumed they are highly vulnerable but there are no cases we know of where one of these machiness has ever been accessed. A stealthier, more determined attacker may opt for penetrating the software companies that manufacture the (voting) hardware, software or other components. Determined threat groups have been known to infiltrate companies that do business with targets of interest. Getting into the supply chain through vendors and service providers may have less risk to an attacker than physically breaking into any machine. Stealing information on manufacturing, additional supply-chain info, or better yet, gaining access to any kind of encryption keys, could be the pirates booty for a long term sustained election hacking operation. Remote Access (i.e., IT/Support) This may seem like an unlikely scenario, but we see it time and time again where well-meaning staff turn to 3rd party remote- control-desktop apps in the pursuit of efficiency. In reality, critical systems will (hopefully) be air-gapped from the internet and restricted to business applications only. However, there can be other less critical systems that may be accessible and allow an attacker to pivot or perform reconnaissance. Offshore IT service companies are notorious for using these remote control tools to support systems throughout the world. With many organizations running on tight budgets, it is not surprising to see the use of lower-quality or consumer grade remote access and IT services to help maintain their own computer infrastructure. The use of these tools could open the door to outside attackers. Let's hope this isn't the case around election systems. Insider Threat While it is likely that most staffers are vetted, we think a determined actor might be able to pass a security screening and infiltrate a local election entity or supplier gaining some level of access to voting equipment. While that would be fairly extreme and a possible plot for an espionage movie, the more likely scenario might simply be working with a politically corrupt or heavily biased individual with privileged access to voting machines or voting data. We may never know if our elections were ever “hacked”, but we do know there are ways to improve elections by establishing secure standards for voting systems and ensuring the security of our elections at all levels. Being aware of the weaknesses in our current system can only help identify when those vulnerabilities are being exploited and ensure our elections are better secured.