Evoting security researchers at U Michigan root DC's voting machines with ease

Oldsma sez, "DC election officials put a test version of their voting system up in a mock primary and invited white hat attacks. U. Michigan broke it completely within 36 hours. DC officials reply, in a nutshell, 'Well, that's why we asked people to test it.'"

D.C. voting officials knew there might be openings in the upload procedure, said Paul Stenbjorn, director of information services at the D.C. Board of Elections and Ethics.

"It was disappointing that it was as easy as it was for them," he said, "and that we hadn't been more proactive about closing down these known issues."

In the end, Stenbjorn considers the experiment a success. "This was why we had the public examination period," he said. "Obviously, we would have liked a smooth noncontroversial deployment of our new system, but this was a known potential outcome…"

Halderman expected the system to be fairly easy to compromise.

"Web security is a very difficult problem," he said. "Major web sites like Facebook and Twitter regularly suffer from vulnerabilities, and banks lose millions of dollars to online fraud every year. These high-profile sites have greater resources and far more security experience than the municipalities that run elections, and yet they are still constantly having problems. It may someday be possible to build a secure method for voting over the Internet, but in the meantime, such systems should be presumed to be vulnerable based on the limitations of today's security technology."

Michigan researchers hack Washington DC computer voting system

EFF E-Voting

(Thanks, Oldsma, via Submitterator!)