back to article Default admin password, weak Wi-Fi, open USB ports ... no wonder these electronic voting boxes are now BANNED

The US state of Virginia is decommissioning a long-serving electronic voting system after learning of its gaping security holes. The state's Board of Elections was urged to decertify the Wi-Fi-connected Advanced Voting Systems WINVote system after the boxes were found to lack basic security measures against physical and …

  1. Captain DaFt

    What an odd country, this USA.

    Imagine, voting machines that're open to everybody to tamper with, but gaming video cards and their drivers are locked down tighter than Fort Knox.

    http://m.theregister.co.uk/2015/04/15/nvidia_gtx_900_linux_driver_roadbloack/

    Apparently, if it won't make a buck, who gives a fuck about security?

    1. Tom 13

      Re: What an odd country, this USA.

      Hey, it got McAuliffe elected didn't it? Time to close the barn door.

      Many of us were wondering how that carpetbagger won. Now we know.

  2. Anonymous Coward
    Anonymous Coward

    Bottom line

    The public ends up out of pocket, but the wankers that built this crap walk away with theirs stuffed full of cash.

    1. Uncle Ron

      Re: Bottom line

      It's not the vendor's fault so much as the totally careless, incompetent IT people--and the tightwad public officials who refused to modernize the systems. Pathetic. When the systems were still within their normal useful life, they were probably acceptable. But not maintained and updated. What a joke.

      1. Anonymous Coward
        Anonymous Coward

        Re: Bottom line

        "It's not the vendor's fault

        From the evidence, it is likely not to be due simply to negligence. The blackboxvoting.org site has a pretty good repository dating back to 2004 of communications and test results that clearly brings vendors' actions into question.

      2. jonathanb Silver badge

        Re: Bottom line

        Open USB ports and default admin passwords were never acceptable. WEP encryption, I might be generous and give you that one.

        1. Tom 13

          Re: WEP encryption, I might be generous and give you that one.

          Nope, not even that one. Systems were only in use for 10 years. WEP was proven unfixably broken before that. Even if Comcast and Verizon are still using it as the default configuration when they sell a punter a connection.

      3. Anonymous Coward
        Anonymous Coward

        Re: Bottom line

        No, they were NEVER secure, never verifiable, and always tamperable. Add in that the personnel working the elections are largely a mix of retirees, some of whom only use a computer this semi-annual time, and high school students who are press-ganged as a requirement to their civics class, and it is a recipe for fiddling the results without anyone the wiser. The company that makes the computer equipment in my state is a well-known right-wing supporter, and even with changing demographics in the county, solidly rightist it has remained.

    2. Richard Boyce

      Re: Bottom line

      "... walk away with theirs stuffed full of cash"

      and votes for sale.

  3. Mephistro
    Unhappy

    "...lack basic security measures against physical and electronic incursions."

    That's a feature, not a bug.

    Really, the name WINvote says it all.

    1. Mark 85

      It may very well be a feature as ballot box stuffing is a time-honored tradition in many places in the States. Some have a large graveyard vote. Others, votes get changed. Votes get bought. In many ways, the computer age makes it easier.

    2. Anonymous Coward
      Anonymous Coward

      Re: "...lack basic security measures against physical and electronic incursions."

      It takes hard work and dedication to make something that is functionally so simple so shite. The enemy of security is complexity, and yet is packed with unnecessary features. Why does it need a full-fat operating system, wifi and USB anyway.

      1. Anonymous Coward
        Meh

        Re: "...lack basic security measures against physical and electronic incursions."

        Why does it need a full-fat operating system.....

        Windows XP Embedded 2002

        Hardly full fat.

        1. Anonymous Coward
          Anonymous Coward

          Re: "...lack basic security measures against physical and electronic incursions."

          The VITA report says that they could get a remote desktop using RDP, also access the devices via default network shares, and that they use Microsoft Access for storing polling data. That sounds like a lot more than just enough operating system.

    3. Anonymous Coward
      Anonymous Coward

      WINvote

      Most commercial Linux distributions from that time have had far more holes than XP embedded...The issue isn't the choice of OS.

  4. Anonymous Coward
    FAIL

    First Line Says:

    'Authorities in Virginia have moved to decommission a long-serving electronic voting system after discovering gaping security holes.'

    If I read the article correctly they didn't 'discover' them, they just didn't observe basic security.

    Government and IT? We'd be better off with parchment and scribes.

    1. lambda_beta
      Linux

      Re: First Line Says:

      It's actually outsourcing and IT. Because it's the way management can take no responsibility and wash their hands of crappy systems because they have no clue of what they're doing.

    2. Uncle Ron

      Re: First Line Says:

      That's just what the election scammers want you to think. Which is better: A well designed and maintained electronic system, or "parchment and scribes?" So, get the electronic systems thrown out and go back to manual systems even more easily corrupted and untrackable.

      1. Yag

        Re: First Line Says:

        Manual systems? corrupted and untrackable?

        As a regular citizen, I can get up early on election day and go to the voting station, check the urn before anyone vote (it's made of glass for this purpose), count the votes, stay for the ballot count and watch the process (I often even helps with it), then check the consistency of the obtained numbers with the official number reported on the web a few hours later for this station.

        As any concerned joe can do the same for any voting station, I can not figure out where the "untrackable" part is.

        A closed source blackbox electronic voting station, on the other hand...

  5. Eddy Ito
    Facepalm

    Any interesting voting trend changes since the machines were put into use? What kind of changes? Oh I don't know, near unanimous votes to triple the salary of the county IT guy every few years maybe.

  6. dan1980

    What's amazing is not that there are security holes. What is amazing is that it took this long to catch.

    Why was this system even implemented in the first place? I can understand (though not approve of) a system that becomes less secure due to bugs that are later identified but don't get patched because that would be something that was secure (so far as that element goes) when initially deployed.

    These systems were never secure.

    The state should ask for compensation from this company. If they don't then that must mean that they (the state) did not make it mandatory that the systems adhere to even basic security guidelines.

    Which really wouldn't be all that surprising, I suppose.

    1. Robert Helpmann??
      Childcatcher

      Who's to Blame?

      The state should ask for compensation from this company. If they don't then that must mean that they (the state) did not make it mandatory that the systems adhere to even basic security guidelines.

      And a direct corollary: voters should demand accountability for this. by voting. At the ballot box... oh. Well, at least by writing lots of letters to politicians and press. And since I happen to live in the Commonwealth, that means I need to send some of those out myself.

      To expand a bit on dan1980's points, even assuming that the state required the company supplying the ballot boxes to comply to security best practices, they did not bother to check that the requirement had been met. Either way, our government shares at least some of the blame for this and is ultimately responsible for the situation.

      1. Uncle Ron

        Re: Who's to Blame?

        The fault is in ourselves: The requirements for a "public procurement" with bid specifications, low price providers, low bidders and all that crap almost guarantee a complete joke of a system. A horse designed by committee. Some vendor companies exist only because they are "good 'ole boys" with procurement people.

    2. John Brown (no body) Silver badge

      "What's amazing is not that there are security holes. What is amazing is that it took this long to catch."

      Even more amazing to me is that we don't see as many stories about fraudulent voting/counting as we do about faulty/poor/crappy voting machine. When did we last see a story on El Reg reporting on hackers breaking into a voting machine or system and changing the outcome? That sounds like just the sort of challenge your average script kiddie would do "for the lulz".

    3. Tom 13

      Re: Why was this system even implemented in the first place?

      Al Gore and the hanging chads fiasco.

      Following that the US government came as close to forcing every state to use electronic voting machines as it could. For my money, ballots with the two black markers where you have to scribble the thick black line and then run them through an optical scanner are the optimal combination of speed and tracking possible. Completely handwritten ballots would be more secure, but kill processing time.

  7. thomas k.

    Drat!

    Back to rigging elections the old-fashioned way, I guess.

  8. Christian Berger

    The position of the constitutional court of Germany is worthy of note

    Essentially they say that even _if_ those machines would be "secure", they still couldn't be used as it's not about them being secure, but about the layperson being able to check for election fraud by themselves.

    A simple pen an paper system may be easy to compromise, however it's trivial to check. You look into the ballot box before they seal it, it needs to be empty. You count how many people came to vote and how many ballots are in the box when they open it again. Then you make sure those ballots are properly counted and nobody adds or removes any ballots. Since the ballots will be stored in a sealed box afterwards, you can always recount them.

    Any sort of system that involves mechanics, electronics or mathematics is much harder to understand. A voting system has to even work in the "paranoid" situation where everybody is against you. You cannot ask a mathematician to proof it's correctness to you, you cannot ask a team of forensic engineers to disassemble and check your voting computer.

    1. Uncle Ron

      Re: The position of the constitutional court of Germany is worthy of note

      The problem is, with millions or tens of millions of people voting, hand jobs are just not practical. If credit card companies, banks, the IRS and SSA can have secure systems, voting should be able to be automated. Only corrupt, paranoid, or stupid people would disagree.

      1. bobbles31

        Re: The position of the constitutional court of Germany is worthy of note

        Ah, the old if you don't agree with me you must be in this really bad group tactic.

        People have opinions that may differ from yours, that doesn't necessarily make them corrupt, paranoid or stupid.

      2. Christian Berger

        Re: The position of the constitutional court of Germany is worthy of note

        "The problem is, with millions or tens of millions of people voting, hand jobs are just not practical."

        Uhm.... Germany has roughly as many voters as the US. I never had to wait for more than 10 minutes to vote, the voting booth close at 18:00, and the official results are announced before 20:00. Typically enough polling places have been counted by 18:30 to give a really good prediction.

        Financial institutions represent a completely different problem than voting. With voting you need privacy particularly against the people running the election. With financial institutions you don't have that. Within the organisation there are lots of audit logs. Therefore you cannot move money from one account to another one without there being a "paper" trail. That wouldn't be acceptable with voting. If you don't understand why, look at how elections in the GDR worked.

        1. MonkeyCee

          Re: The position of the constitutional court of Germany is worthy of note

          "Uhm.... Germany has roughly as many voters as the US."

          Really?

          Awesome. I'll give you a dollar for each German vote at the last election, and then you can give me a dollar for each American vote at the last election.

          Last I checked Germany had a total population of about 86 million. Let's call it 90 million, and pretend everyone is of voting age :)

          USA has a voting age population of roughly 230 million, of which about 129 million voted in the 2012 election.

          Germany (and the Netherlands where I live) also has a much more detailed record of who lives where, and thus their voting eligibility, and everyone has an ID card. These things might make it a tad easier to run things like fair elections.

          1. Tom 13

            Re: The position of the constitutional court of Germany is worthy of note

            An ID card?

            POLL TAX!! POLL TAX!!

            You're prejudiced against BLACK people.

            You just don't want poor people being represented!

            And What do you have against Undocumented Workers anyway!

            You hood wearing KKK troll.

            Sorry, I have no basis on which to accuse you of any of those things, but if you suggest that here in the States, what I wrote is mild compared to the hate mail you'll get.

        2. Tom 13

          Re: That wouldn't be acceptable with voting.

          Actually, the audit trails in elections are every bit as critical as they are in the financial industry. The catch is, you have to anonymize the actual vote count. For each ballot cast there needs to be a signed receipt in the ballot box, and a signature in the official rolls. The ballot IDs in the attached bag need to match the ballot ID for the machine.* And there has to be a signed audit trail for moving the equipment from the voting authority to the polling place and back.

          *Or at least there did when we used optical ballots before the new fraud boxes were deployed. Now you get a smart card that gets repurposed after you vote and ALL of the records are just 1s and 0s in the memory of the ballot box. Oh and yes, the last time I was in the ballot box I heard someone at another booth complaining the booth was changing her votes. I wasn't even a registered poll watcher, so I didn't interfere.

      3. jonathanb Silver badge

        Re: The position of the constitutional court of Germany is worthy of note

        You don't have millions of people at an individual voting district, you have maybe 5000 people.

        1. Yag

          Re : You don't have millions of people at an individual voting district, you have maybe 5000 people.

          In France, each of those district is divided in several voting stations. The local station only have 500 registered voters, and you can expect half of them turning in on the good days.

          250 votes takes roughly 1h to process for a 4 people team.

        2. Tom 13

          Re: The position of the constitutional court of Germany is worthy of note

          In theory in the US it is supposed to be 2000 people per polling district. In practice it varies greatly and the granularity causes as many problems as it solves.

          There is some sense in which a national holiday would be logical. It would at least remove the obstacle of having to take a day off from work to assist at the polls. Not that I think all that many people would show up mind you. That's why it is a very, very limited sense.

      4. Christoph

        Re: The position of the constitutional court of Germany is worthy of note

        "voting should be able to be automated. Only corrupt, paranoid, or stupid people would disagree"

        Perhaps you could explain this to the large number of corrupt, paranoid, and stupid experts who have studied voting systems in great detail and pretty well universally agree that due to a number of problems a reliable, secure electronic voting system cannot at the moment be made.

        1. Uncle Ron

          Re: The position of the constitutional court of Germany is worthy of note

          "explain this to the large number of corrupt, paranoid, and stupid experts who have studied voting systems" Please prove this.

    2. Mark 85

      Re: The position of the constitutional court of Germany is worthy of note

      That's the way it used to be.. three election officials: 1 "neutral" and 1 from each party plus county/state employees. It was rife with fraud. The average person couldn't check for fraud by themselves as the counts were done usually in a back room.

      The current method involves checking the counters before the voting starts. Checking the counters periodically during the day to make sure the total votes equal the number of voters through the door, and then again after the polls close.

      Is it a good system? I'm not sure any system is "good". Other manufacturers of voting systems have lost their shirts when the equipment was tossed out. Diebold comes to mind. They may be still in it but they have had a ton of problems. Equipment not being secure, reboot buttons open to abuse, multiple votes being able to be cast by one voter.

      But, still using XP boxes, pporly managed devices and methods are just plain stupid.

      1. Tom 13

        Re: The current method involves checking

        In theory the current system works that way.

        Having served as a poll observer in a couple of elections, I can assure you theory has about as much familiarity with reality as a whorehouse has with chastity. Most polling places can't even get enough polling judges to staff voting places properly. You almost never find a poll observer from both major political parties let alone the other ones. At the location where I served, the polling judge put in a 20 hour day because he had to start at 5:00 in the morning picking up the voting machines and getting them set up for the 7:00 opening. Polling ended at 7:00 pm After he disassembled all the equipment and made his in place checks, he then had to deliver the equipment to the tabulation office, then he had to stay until they finished tabulating the votes. Nominally he gets a break for lunch and dinner, but there was no alternate there so he ate while in the polling location.

        If I lived somewhere competitive instead of the People's Republic of MD where it doesn't really matter, I'd be appalled. And that's before you get to the lax voter ID/registration laws.

    3. Hans 1
      Black Helicopters

      Re: The position of the constitutional court of Germany is worthy of note

      Check for fraud ? ROFL!

      Ok, a mayor in my area got caught for fraud, but she still won the election as she had <150 more votes than the other (after over 300 fraudulent votes had been subtracted). Note that in France you have just a couple of days to go through all registered votes - the opposition found numerous votes that had been made which sported the same signature, however, that was not enough.

      http://www.lexpress.fr/actualite/politique/elections/municipales-a-aix-en-provence-la-methode-joissains_1294303.html (excuse my French)

      You can cheat in France and get away with it.

      [Sound of choppers]Shit, needa go. where's the anonymous checkbox ? too late ...

      1. Anonymous Coward
        Anonymous Coward

        Re: The position of the constitutional court of Germany is worthy of note

        Note that in France you have just a couple of days to go through all registered votes - the opposition found numerous votes that had been made which sported the same signature, however, that was not enough.

        From the link you provided the election was declared void once, due to allegedly false allegations made by one party, re-run, challenged on the basis of a few hundred falsified proxy votes, and finally (after two years!) the courts announced a close-run decision. That's hardly a "couple of days". Now the winner is being accused of nepotism. No wonder there's an increasing attitude of "don't vote, it just encourages them".

        It all looks like standard political mudslinging, with some ballot-box stuffing thrown in for good measure, finally resolved by the legal system. Not really related to pros and cons of electronic voting, though.

  9. crayon

    "As the name would suggest, the WINVote systems were based on Microsoft's OS"

    I thought it was named for its ability to win the vote for whichever party gave the supplier the most "campaign contributions" at election time.

    "A horse designed by committee."

    Actually the camel is supremely well designed for the environment it operates in.

  10. Anonymous Coward
    Anonymous Coward

    Only a win for the public if they don't make the same mistake again

    I have a feeling they'll approve some new electronic voting machine that will be similarly insecure, after the vendor has funneled millions into the state congress/governor's campaign coffers. No different than a company getting their speed cameras in, or getting their books in schools, it is all about bribing the right public officials.

    While voting machines you control the outcome of sound like a better idea at first glance, you risk life in prison if you're caught. Legalized bribes in the form of campaign contributions not only don't risk jail, but you get invited to a lot of parties and the result is the same either way.

  11. This post has been deleted by its author

    1. Vince

      Ah and there is the ultimate question...

      I'll tell you why those units used Wi-Fi ...

      Because when they were devised "Wi-Fi" was a new, cool, exciting technology and had to be on everything - in much the same way today, everything, no matter how pointless is being done on a tablet everywhere, even though it's often ridiculously expensive, or functionality draining... it's the "in thing".

      ...which is the very reason my old boss tried to force me - back when 11 meg was the best you got, to fit wireless cards to all the sales team's desktops, then install a buffalo airstation. All despite them all already having cabled network connections in place and working.

      There wasn't a single good reason - we didn't need desktops to be "portable", we didn't need the near 10x reduction in raw speed (ignoring the other limitations of multiple devices on one AP), we didn't need to spend all that money which at the time was a fair bit, but it had to be done because the boss had heard that Wi-Fi was the latest and greatest thing.

  12. Anonymous Coward
    Anonymous Coward

    Does it really matter who wins?

    Be it Jack Johnson or John Jackson? They are all the same, they disagree on policy but do the same when they get elected anyway and never reverse anything they criticised when not in office.

    Paper voting isn't really secure from what I can see, you have a room full of many people counting votes who don't know what each other have submitted so technically you could just change it at the end when tallying up and nobody would be any the wiser.

    I'm enjoying the election in the UK at the moment just for the sheer level of bullshit being spewed and propaganda.

    Long live democracy if it ever existed...

  13. teebie

    marketting

    They picked a clever name if their aim was to sell the machines to corrupt policiticains

    "buy, winvote"

  14. TRT Silver badge

    I'm glad they came straight out and said it.

    No point beating about the Bush.

  15. Palf

    That design is a travesty

    As an electronics engineer, I wouldn't design it anything like that. Chiefly, I would not allow any communications (wifi, LAN, internet, bluetooth) with the box while voting is going on. Each box is preloaded with the registration list - a list of social security numbers pertinent to the locale - and a vote consists of

    a) self identification via SS number

    b) the vote itself

    When voting is complete, voting data is extracted via a USB port using encrypted protocols.

    That's not 100% tamper-proof, but it's pretty good.

    There is no need for a complex OS. The functions described can all be done with an extremely primitive microprocessor and some flash memory.

    And on a political note, dissatisfaction with all of the candidates should be available for a vote via a choice labelled "None of the above". This carries more punch than simply not voting. It means you took the trouble to point out that all the candidates are shite.

    1. Adam 1

      Re: That design is a travesty

      Identification and voting should not go through the same system. Also, you ideally need to share between identification systems whether a given voter has already cast a vote to prevent someone voting multiple times.

      Also, ss numbers alone are probably insufficient for authentication because they are guessable.

  16. phil dude
    Boffin

    public /private keys?

    So how about voting machine being an exercise in public key crypto?

    Voter enters booth, and selects candidate(s), this generates a unique key and they get a physical result with the key and a receipt for their vote ( a table , say). The vote is signed by the machine, and using the public key of some local neutral authority, and the key of the dynamic voter. Hence, corrupt officials can't change the vote without the voter and the specific machine.

    Therefore, the votes have receipts that can be checked if fraud is suspected. Anonymity is preserved.

    Voters will be able to go on line and check their vote hasn't changed (they get key generated on the receipt).

    Have I missed something?

    P.

    PS. and obviously this would be FOSS....

  17. Peter Brooks 1

    Brilliant anarchist joke!

    Who but an anarchist would show his contempt for voting by using Microsoft Windows as the software.

    It's lovely!

    1. Anonymous Coward
      Anonymous Coward

      Re: Brilliant anarchist joke!

      "Who but an anarchist would show his contempt for voting by using Microsoft Windows as the software."

      About 90% of desktops and 75% of servers according to Forbes...

  18. Bakana

    It's like that because everyone involved just Ignored the fact that, during the 2000 election, the CEO of Diebold was the State Chairman of the GW Bush Campaign and Declared Publicly and On the record that he would "Deliver Ohio" to Bush.

    AT a time when His Company was in charge of the "Care & Feeding" of all the Voting Computers in the state.

    AS far as "Hackability" was concerned, blackboxvoting.org at the time was able to demonstrate at least 5 Different ways to rig or alter the results using those machines.

    The Simplest one was the Memory Cards used to hold the vote totals.

    Wehn the Election first starts, the supervisor is supposed to run a "Zero Test" on the card to "Prove" that it is "Empty". It checks and all the Vote Totals are reported to be ZERO.

    What they discovered was that, if you entered 50 Votes for Candidate A and Minus 50 Votes for Candidate B on those memory cards, they would Pass the "Zero Test" because the Total Votes on the card added up to Zero.

    The only possible exposure would be a candidate who lost so badly that there would have been no Need to rig the votes in the first place.

    And, in subsequent elections in a few very small races, candidates DID "Lose" with Negative Vote totals after the elections.

    Voting officials brushed it off as "Computer Glitches".

  19. Tim Roberts 1

    Do not ...

    turn off or unplug your computer , it will turn off automatically ---- installing update 1 of 1

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like