With fewer than 24 hours before polls open for the 2016 US presidential election, consider this your periodic reminder that e-voting machines expected to tally millions of votes are woefully antiquated and subject to fraud should hackers get physical access to them.
A case in point is the Sequoia AVC Edge Mk1, a computerized voting machine that will be used in 13 states this year, including in swing states such as Arizona, Pennsylvania, and Wisconsin. The so-called direct-recording electronic vote-counting system has long been known to be susceptible to relatively simple hacks that manipulate tallies and ballots. Researchers from security firm Cylance are driving that point home with demonstration hacks. The first one causes one or more votes for one candidate to count as votes for that candidate's rival. A second one alters the names as they appear on the electronic balloting screen.
Cylance discloses voting machine vulnerability.
The hacks work by tampering with—or more precisely, reflashing—the PCMCIA card, a storage device in the voting machine that's similar to the tiny hard drive that's used by many digital cameras. The fraud could be carried out by inserting a maliciously modified card inside a Sequoia AVC Edge machine, although the attackers would likely have to circumvent tamper-evident seals that are designed to flag such abuse. The video above shows the hack being used to alter both the public and protective counters the machine uses to count and recount results to ensure tallies are valid. The decade-old hack first came to public attention in 2007 in a research paper titled Source Code Review of the Sequoia Voting System.