After nearly an hour and a half, Carsten Schürmann, an associate professor with IT-University of Copenhagen, successfully cracked into a voting machine at Las Vegas’ Defcon convention on Friday night, CNET reports.
Schürmann penetrated Advanced Voting Solutions’ 2000 WinVote machine through its Wi-Fi system. Using a Windows XP exploit from 2003, he was able to remotely access the machine, CNET reports.
The convention purchased more than 30 voting machines for the event, although, organizers didn’t specify how many models those units represented.
“The exposure of those devices to the people who do bug bounties or actually look at these kind of devices has been fairly limited”, Brian Knopf, director of security researcher for Neustar, told CNET. “And so Defcon is a great opportunity for those of us who hack hardware and firmware to look to these kind of devices and really answer that question, ‘Are they hackable?’”
Synack, a San Francisco security platform, discovered serious flaws with the WinVote machine months ahead of this weekend’s convention. The team simply plugged in a mouse and keyboard and bypassed the voting software by clicking “ctrl-alt-del”.
“It’s really just a matter of plugging your USB drive in for five seconds and the thing’s completely compromised at that point”, Synack co-founder Jay Kaplan told CNET. “To the point where you can get remote access. It’s very simple.”
A hacker, who only identified himself as “Oyster,” tried to crack a Diebold voting machine after another team had compromised it.
Anne-Marie Hwang, a Synack intern, told CNET that changing votes can be as simple as updating a Microsoft Excel document…