Close

Hackers find serious problems in California voting machines

Share on facebook
Share on twitter
Share on linkedin
Share on whatsapp
Hackers find serious problems in California voting machines

Sacramento (CA) – A new California study has found that several electronic voting machines have serious security vulnerabilities.  California Secretary of State Debra Bowen commissioned the study which pitted two hacker teams, better known as “Red Teams” against voting machines manufactured by Diebold, Hart and Sequoia.  The hackers found several security problems and were able to change firmware, access the election database and even open up the machines without detection.

The study was headed by Matt Bishop from UC Davis.  The first Red Team was lead by Robert Abbott and his team examined the Diebold and Hart machines at a secure facility in Sacramento.  Giovanni Vigna and Richard Kemmerer from UC Santa Barbara matched wits with the Sequoia voting machine.

Both teams found alarming security problems in all the machines.  Bishop summed it up by writing, “The red teams demonstrated that the security mechanisms provided for all systems analyzed were inadequate to ensure accuracy and integrity of the election results.”

Abbott’s team was able to access election data directly by exploiting vulnerabilities in the Diebold machine’s Windows operating system – an operating system that all three e-voting machines use.  They were also able to bypass locks and other physical security with “ordinary objects”.  Election data on the Hart machine was also easily compromised.

Vigna’s team also found physical security on the Sequoia voting machine to be inadequate.  They gained access to the machine’s insides by unscrewing a few locks and discovered that the screws with not protected by seals.  

The study adds that all three machines used some form of Windows operating system and that each machine’s  firmware was easily overwritten by the teams.

Bishop complains that his teams didn’t have enough time to fully document all the security vulnerabilities because they study started in mid-June and ended July 20th.  Secretary of State Bowen had said that the deadline could not be extended because the counties need at least six months to examine the findings.  Bishop added that Abbott’s team was close to finding several other problems, but simply ran out of time.