Ahead of important elections, U.S. voting system is still vulnerable to hacking

With the U.S. midterms around the corner, and increasing concerns of hacking making headlines, J. Alex Halderman worries that government officials are not concerned enough about how vulnerable electronic voting machines are to hacking and tampering.

'It ought to be a national embarrassment,' says comp-sci professor J. Alex Halderman

J. Alex Halderman has hacked into electronic voting machines in front of U.S. Congress to demonstrate that the machines a vulnerable to tampering. (CBC)
Listen14:42

In 2016, Russian hackers infiltrated the voting systems of 39 states in the U.S. However, they chose not to act on their access to disrupt voting.

J. Alex Halderman is a professor of comupter science at the University of Michigan. (University of Michigan)

With the U.S. midterms around the corner, and increasing concerns of hacking making headlines, J. Alex Halderman worries that government officials are not concerned enough about how vulnerable electronic voting machines are to hacking and tampering.

Halderman, a professor of computer science and engineering at the University of Michigan, has even hacked into electronic voting machines in front of U.S. Congress to demonstrate those vulnerabilities.  

For the first time in U.S. history, West Virginia has allowed some overseas voters to vote in midterm elections via a mobile app called Voatz, which uses blockchain technology. 

Halderman said that blockchain has its own vulnerabilities, and ultimately believes that the best way to vote is with a paper ballot.

Voatz argues otherwise.

In a statement to Spark, Voatz CEO Nimit Sawhney wrote: "No system can be 100 per cent secure, but we go to great lengths in terms of making it harder for the attackers to compromise the system."

Halderman spoke to Spark host Nora Young about the vulnerabilities associated with electronic voting machines in the U.S. Here is part of their conversation.

So let's start with how you were able to hack into electronic voting machines. What did you actually do?

Well, I've been investigating the security of electronic voting machines for more than 10 years now, and for many different models of voting machines used in the U.S. and in other countries. I've shown how adversaries could develop malicious software that could infect the machines and change votes. You don't always even need to be in the same room as the voting machines, you can sometimes do it remotely, infecting them from a distant network. In other instances you can infect the voting machines with the removable media that election officials use to program them.

Really, it's just like any other kind of internet-of-things device or computer system. The security of voting machines is fragile.

I know there are a lot of different types of models, but can we use one as an example? I know that you hacked into an electronic voting machine in front of U.S. Congress. What happened there?

This year, I have been trying to speak with members of Congress and others about the danger of electronic voting and cybersecurity, and I've been demonstrating with one of the most widely used electronic voting machines in the U.S.

It's a machine called a Diebold AccuVote-TSX. This is a touch screen voting machine. Voters interact with it by just stepping up to this one flat panel mounted on a stand and you enter your ballot entirely digitally. There's no paper backup, there's no paper ballot. All of the records of the vote are inside that computer memory.

So this voting machine is still used in 18 states including all of Georgia. And I was able to buy one government surplus on eBay actually and figure out how it could be hacked.

How did you hack it?

I developed a kind of malware, a malicious software that can infect the machine and change votes — and the way this malware gets onto the voting machine, you don't have to be physically present or have any access to the machine directly. Instead it can spread almost like a computer virus from the backend systems that election officials use to design the ballot.…

Every kind of voting machine used in the United States has to be programmed before each election with the design of the ballot — that is, the names of the races and candidates and the rules for counting. Election officials create that programming on just a normal computer somewhere. It's called an election management system. It's operated by the county or the state or by an outside contractor. If an adversary can infect this election management system, they can interfere with that ballot programming process in a way that can spread malicious software to all of the voting machines in the whole jurisdiction.

This malicious software that I've developed can spread to the voting machines over a wide area, and it runs in the background. As people are voting, it just silently switches a certain fraction of votes to favour the candidate that the attacker prefers.

Wow. The U.S. Elections Assistance Commission chair urged people not to worry because these machines are not connected to the internet and therefore they can't be hacked remotely. But it sounds like from what you're saying it can still be hacked?

Unfortunately, they can still be hacked and this is what keeps me up at night. The voting machines, unfortunately, are not as isolated or as disconnected from the internet as they might seem.

What about the memory on these machines? Don't they keep a record of who voted and for which candidate?

They keep a record of the ballots, but the record is stored entirely in a digital memory. And that means that whatever software is running on the voting machine has complete control. If that software is correct and is secure, then everything should turn out all right. But if an attacker can infect the machines with malicious software, as I've shown it's possible, then that malicious software can change the digital records however the attacker wants.

Here in Canada we use paper ballots, but then machines that read the votes. Do you think those are vulnerable to being hacked as well?

Well unfortunately, the optical scanners that read paper ballots are just as vulnerable. The good thing though. about having a paper ballot that the voter filled out, is there's something you can go back to later to spotcheck and confirm whether the computers are correct. Now in the U.S., unfortunately, although the majority of votes are now recorded on paper, most states don't routinely look at it, or at least they don't look at enough of the paper to have a statistically significant check on the computer results. And that means, unfortunately, that we're much more vulnerable than we need to be.

This is nuts. It's kind of nuts!

It ought to be a national embarrassment that our election system is as vulnerable as it is especially given the kind of wakeup call we've got in 2016.


In Canada, the majority of our provinces rely on a paper-ballot system, and an electronic paper ballot reader.

In Thunder Bay, however, some citizens were able to vote in the 2018 municipal election online, or by telephone for the first time ever.

More than 60 per cent of voters in Thunder Bay voted online.

The Canadian Centre for Cyber Security, the federal agency that oversees cyber threats to Canada's democratic process, told Spark that they take election security very seriously.

Last year they published a report about potential threats to elections in Canada, and they are currently working on an updated report in advance of the 2019 federal election, as they work closely with Elections Canada. The Cyber Centre was not available for an interview in time for our program this week.

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.