A cyber security firm Symantec published three ways an attacker with adequate level of knowledge and motivation can hack the presidential election. And you just need a $15 device like Raspberry Pi to do that.
Sounds like a scuttlebutt right? But no, Symantec revealed this in its “Hack the Vote” election simulation and it is 100% genuine.
Symantec Corporation is an American technology company founded by Gary Hendrix. It is headquartered in California and produces software for storage, security, and other professional services to support its software.
They simulated a real-world voting system with actual direct-recording electronic (DRE) voting machines and other equipment bought from an online auction site.
The general process includes voters using a chip card to cast their votes. They are provided to them while entering polling stations, where it uses electronic voting machines. These cards are just like credit cards. It has its own RAM, CPU and OS which makes them exploitable like any other computing device.
Symantec said in a statement that, “In examining the election process for vulnerabilities, we discovered that there’s an opportunity for a hacker to modify the code put on a voter’s chip card. Anyone who knows how to program a chip card and purchases a simple $15 Raspberry Pi-like device, could secretly reactivate their voter card while inside the privacy of a voting booth.”
One can easily fake the card in two ways. The first one includes resetting the card to allow voting multiple times with the same chip. The second one is programming the card to permit multiple vote casting. Secondly, one can program the card for permitting multiple vote casting.
The company also claimed that “There was no form of encryption on the internal hard drive of the voting machines we purchased, which were running an outdated operating system to display the ballots and record votes.”
Thus, the second method is basically tampering with the tabulation. The attackers can manipulate the voting data. This is as the storage cartridges function like USB drives which stores data in just plain text.
Thirdly, by circulating misinformation on social media, an attacker can also change voter behavior.
Nonetheless, introducing security programming at all steps of the process can fix the vulnerabilities, added the company.