Hackers get into voting machines during ‘HackWest’ convention
Mar 23, 2018, 6:02 PM | Updated: Mar 27, 2018, 12:48 am
SALT LAKE CITY — It’s an odd sort of feeling when you walk into a conference and realize you have no idea what people are saying.
“Two files that hash to the same MD5,” said one speaker on stage in a conference room. “I want to get an RS232 analyzer. I think that’s our next step,” said another person working on a computer. “Pic 16 F 72 ISP.”
It’s a different language all right, but this is HackWest. It’s a brand new hacker convention, and for the past three days at the Salt Palace in Salt Lake City, hackers have been learning the latest in keeping cyber information networks secure.
“Most everyone here, their day job is going to be to secure their corporation,” said Sean Jackson, the general manager of HackWest. “They’ll do a better job of securing that if they know how the hackers are getting in. So we want to teach them how they get in.”
There was a table set up where hackers were teaching others the importance of removing the EMMC chip out of cell phones, so personal information can’t be retrieved from it if a phone is sold.
But of all the things hackers are learning, it was the opportunity to open a Diebold voting machine that had them really excited.
Jackson says he recently purchased 12 of them from a re-seller who got them from an insurance company.
“They’re the exact same model that were used in Utah in 2016,” said Jackson.
Hackers spent at least two days figuring out what functions the chips performed, what information could be obtained from the system, and how to manipulate the software.
“It’s about as secure as everyone thought they were, which is not very,” said a hacker who only wanted to be identified at “Stauf.”
Hackers determined that by following a specific sequence of actions while shutting down the machine, they could manually set some controls.
“I can see network settings, I can see security settings, and I can see how it’s being encrypted,” said Jackson during a demonstration.
All that information would be valuable to a hacker who is up to no good.
“It’s been proven you can’t change a vote, but you can create enough doubt to throw the vote out,” said Jackson. “Until we can have a system that is secure, we shouldn’t be using electronics to make votes. It’s a pain to use paper and chads, but it’s not hackable from a distance.
Jackson says if someone can gain access to a lot of machines and knows they’re in a heavy republican or democratic area, it would be relatively easy to cast doubt into that particular machines electronics.
“If you could alter the machines and throw out those votes, you could swing the vote for the ones that weren’t altered,” he said.
Those particular models have a paper trail if a machine was found to be altered or compromised in any way.
“When we walk into a polling station, we think about how we can attack it and how we can exploit,” said Stauf. “Not necessarily being a bad person, but being a person who is more secure and aware of what’s important.”
The hackers say they just want the public to be aware of what’s possible from their end.
“Hopefully, as more research is done on these, we can change the industry and make elections better for America,” said Jackson.
We left a message with the company that makes those Diebold voting machines. They haven’t yet responded.
