How a simple $15 device can hack the US presidential elections
Cyber security firm Symantec has revealed three easy ways someone could ‘hack’ into the US presidential election -- for just $15!us presidential election Updated: Oct 19, 2016 07:58 IST
Cyber security firm Symantec has revealed three easy ways someone could ‘hack’ into the US presidential election -- for just $15!
The hypothetical hacker in this situation could re-programme the chip card used by voters to cast their ballot using a simple, inexpensive device, they said.
In a general voting process, voters use a chip card to cast their vote. Once someone has voted, the same card is re-used by the next voter.
“Just like credit cards, these cards are like a computer with their own RAM, CPU and operating system. Which means they can be exploited like any computing device,” the company said in a statement.
“In examining the election process for vulnerabilities, we discovered that there’s an opportunity for a hacker to modify the code put on a voter’s chip card. There was no form of encryption on the internal hard drive of the voting machines we purchased, which were running an outdated operating system to display the ballots and record votes,” said Symantec.
“Anyone who knows how to programme a chip card and purchases a simple $15 Raspberry Pi-like device, could secretly reactivate their voter card while inside the privacy of a voting booth.”
The card can be faked in two different ways -- one, by resetting the card to allow someone to vote multiple times on the same chip card and second, by programming the card to allow multiple vote casting.
The company was testing actual direct-recording electronic (DRE) voting machines and other equipment to simulate a real-world voting system.
The second method to rig votes is by tampering with the tabulation.
All the votes are registered in the voting and attackers could compromise the integrity of the voting data by manipulation of cartridges as these storage cartridges function like a USB drive which stores data in plain text with no embedded encryption.
Symantec said that these vulnerabilities can easily be fixed by installing security software at all points of the process.