Sunday, February 25, 2018

In 2009 a NJ judge banned hooking up voting machines to the internet, but that's exactly how ES&S's "airgapped" machines work

Boing Boing

Connecting voting machines to the internet is a terrible idea: the machines are already notoriously insecure, and once they're online, anyone, anywhere in the world becomes a potential attacker.

But voting machine vendors know that their customers want to be able to gather totals remotely, without having to physically move files around on USB sticks or ship the machines to a central location, so ES&S equipped its DS200 voting machine with a cellular modem that uses Verizon's packet-switched "Autonomous System" to communicate with the canvassing computer that gathers its tally.

This is not secure. Verizon's Autonomous System is a bunch of internet-connected computers that are supposed to be isolated by firewalls, but those firewalls and routing rules are no more secure than any other internet-connected systems: a computer that is connected to the internet is still connected to the internet, even if its upstream routers are programmed to limit which traffic can reach it.

Worse, though, is that these are cellular modems, which means that they're vulnerable to fake cellular towers (AKA "cell site simulators" AKA "Stingrays" AKA "Dirtboxes"), so anyone who sets up shop near a polling place can intercept and tamper with vote totals, or potentially hack into the firmware of the machines.
