Unisyn voting machine manual instructs election officials to use and recycle weak passwords

No one knows who wrote this Unisyn optical vote-counting machine manual that has appeared in multiple sites served by the California-based vendor, but only because Unisyn won't comment on whether they wrote it. Read the rest

Ivanka Trump to get 16 new China trademarks, including one for 'voting machines'

Why does Ivanka Trump need trademarks for nursing homes, sausage casing, and *voting machines* in China? Or do we not want to know. Read the rest

Voting systems in Wisconsin and Kentucky are running FTP. Seriously.

FTP -- the "file transfer protocol" -- is a long-supplanted Unix tool for transferring files between computers, once standard but now considered to be too insecure to use; so it's alarming that it's running on the voting information systems that will be used in elections in Wisconsin and Kentucky tomorrow. Read the rest

Ebay is full of used voting machines full of real electoral data and riddled with security defects

Back in 2012, Symantec researcher Bryan Varner bought some used US voting machines on Ebay and found them to be incredibly insecure and full of real, sensitive election data; in 2016, he did it again and things were even worse. Read the rest

Leading voting machine company admits it lied, reveals that its voting machines ship backdoored, with pre-installed remote access software

Election Systems and Software is America's leading voting machine vendor, a category notorious for buggy, insecure software and rampant manufacturer misconduct. As the 2018 elections loom, voting machine companies are coming under scrutiny, and when veteran security reporter Kim Zetter asked them, on behalf of the New York Times, if their products shipped with backdoors allowing remote parties to access and alter them over the internet, they told her unequivocally that they did not engage in this practice. Read the rest

In 2009 a NJ judge banned hooking up voting machines to the internet, but that's exactly how ES&S's "airgapped" machines work

Connecting voting machines to the internet is a terrible idea: the machines are already notoriously insecure, and once they're online, anyone, anywhere in the world becomes a potential attacker. Read the rest

A bipartisan, GOP-led voting machine security bill that would actually fix vulnerabilities in US elections

The Secure Elections Act is a bipartisan Senate bill with six co-sponsors that reads like a security researcher's wish-list for voting machine reforms. Specifically, it reads like Matt Blaze's wishlist, hewing closely to the excellent recommendations laid out in his testimony to the House of Representatives' Committee on Oversight and Government Reform Subcommittee on Information Technology and Subcommittee on Intergovernmental Affairs Hearing on Cybersecurity, recounting his experiences as a security researcher and as the founder of Defcon's Vote Hacking Village. Read the rest

Someone wiped a key server in Georgia right after voters filed a lawsuit over insecure voting-machines

Georgia's voting machines are among the worst, most hackable in the nation, and that's why a "diverse group of election reform advocates" including the Coalition for Good Governance sued the state to purge its hoard of 27,000 AccuVote voting machines, whose defects were not patched though the state was warned of them six months prior to the election. Accuvote machines do not keep any kind of paper audit-tape that can be used to compare the electronic total to a hardcopy. Read the rest

How do you dump the firmware from a "secure" voting machine? With a $15 open source hardware board

One of the highlights of this year's Defcon conference in Vegas was the Voting Machine Hacking Village, where security researchers tore apart the "secure" voting machines America trusts its democracy to. Read the rest

Former CIA director: secure US elections with open-source voting machines

Former CIA director R. James Woolsey and legendary free software creator Brian "bash" Fox took to the New York Times's op-ed page to explain that proprietary software and voting machines don't mix, because unless anyone who wants to can audit the software that powers the nation's elections, exploitable bugs will lurk in them, ready to be used by bad guys to screw up the vote-count. Read the rest

Days before elections, the official in charge of Kenya's voting machines has been tortured and murdered

Chris Msando is the Kenyan electoral commission IT manager who oversaw the country's computerized voting systems; now, just days before a hotly contested election, his body has been found in the Kikuyu area in Nairobi's outskirts, and the Independent Electoral and Boundaries Commission says he was tortured and murdered. Read the rest

What's worse than shitty, hacked voting machines? Unauditable, shitty voting machines

The news of attempts by Russian hackers to compromise US voting systems will forever throw into question the results of close US elections -- but that's not just because voting machines are security tire-fires, it's because they're security tire-fires whose vote-counts cannot be audited. Read the rest

House Republicans just voted to defund the agency that fights election hacking

All of the GOP's bluster about election fraud couldn't save the budget for the Election Administration Commission, the federal agency that deals with software security risks in America's creating, Windows-2000-based voting machines. Read the rest

Alex Halderman: we will never know if the Wisconsin vote was hacked unless we check now

Alex Halderman has clarified his earlier remarks about the integrity of the Wisconsin election: in a nutshell: voting machine security sucks, hackers played an unprecedented role in this election; there are statistical irregularities in the votes recorded on software-based touchscreen machines and the votes registered with paper ballots counted by optical scanners, so why the hell wouldn't we check into this? Read the rest

Wisconsin: America's top voting-machine security expert says count was irregular; Fed judge says gerrymandering was unconstitutional

University of Michigan prof J Alex Halderman (previously) is one of America's top experts on voting machine security (see this, for example), and he's issued a joint statement with voting-rights attorney John Bonifaz to the Clinton campaign, advising them to ask for a recount of the Wisconsin votes. Read the rest

Electronic voting machines suck, the comprehensive 2016 election edition

It's been thirteen years since we started writing here about the shenanigans of the electronic voting machine industry, who were given a gift when, after the contested 2000 elections, Congress and the Supreme Court signaled that elections officials had to go and buy new machines. Read the rest

Russia and other states could hack the US election by attacking voting machines

It's been more than 16 years since faulty voting machine technology called into question a US presidential election, and in the ensuing 1.6 decades, the voting machine industry has used bafflegab, intimidation and salesmanship to continue selling faulty goods, whose flaws surface with despressing regularity. Read the rest

More posts