Look up the voting machine exhibit at Defcon all those years ago. These kids were taking total control of them within hours including faking a near split vote that barely swung towards whatever candidate they wanted.
These kids were taking total control of them within hours
That’s impressive broadly speaking, but not terribly useful unless you have unfettered access to the machines for that length of time.
Security measures on the machines aren’t supposed to just be in the hardware/software. They’re also supposed to be locked up and tagged, so that any physical tampering is noted when they are used again.
If you’ve got teenagers who have breached that first level of security, it’s much bigger news that what they managed after hours of manipulating a device in the open.
LOL I was replying to you literally saying the hacking demo at Defcon, where they had the physical machines right there in the room, was “not terribly useful unless you have unfettered access to the machines.” I’m saying that wouldn’t have mattered in November because they were networked.
Can confirm. I was there and while I did basically nothing helped one of those ‘kids’ by holding up the top for them. Funnily nearly all of the issues would be fixed by NOT PUTTING USB PORTS ACCESSABLE TO THE PUBLIC ON THEM. One still needs a firmware dump to know what hacks to use but its actually a easily fixable problem for the basic attacks.
Most of the boxes at defcon didn’t have protection for that. Then again if memory serves there was only 1 US election box and it was a no longer used model.
Look up the voting machine exhibit at Defcon all those years ago. These kids were taking total control of them within hours including faking a near split vote that barely swung towards whatever candidate they wanted.
That’s impressive broadly speaking, but not terribly useful unless you have unfettered access to the machines for that length of time.
Security measures on the machines aren’t supposed to just be in the hardware/software. They’re also supposed to be locked up and tagged, so that any physical tampering is noted when they are used again.
If you’ve got teenagers who have breached that first level of security, it’s much bigger news that what they managed after hours of manipulating a device in the open.
Like the bomb threats in all the polling places on election Day in all the swing states?
Definitely a good example. Also, the prosecutions against black voters in Houston districts unleashed by Ken Paxton in 2020 and 2022.
The machines in November had network access.
Why would they need network access? Just have it record the numbers onto a portable drive then upload the results somewhere else that has access.
Is it too much work for poll people to transfer a usb stick to a laptop at the end of the day?
LOL I was replying to you literally saying the hacking demo at Defcon, where they had the physical machines right there in the room, was “not terribly useful unless you have unfettered access to the machines.” I’m saying that wouldn’t have mattered in November because they were networked.
Can confirm. I was there and while I did basically nothing helped one of those ‘kids’ by holding up the top for them. Funnily nearly all of the issues would be fixed by NOT PUTTING USB PORTS ACCESSABLE TO THE PUBLIC ON THEM. One still needs a firmware dump to know what hacks to use but its actually a easily fixable problem for the basic attacks.
They’re not normally accessible to the public. Machines are kept under lock and key by election officials.
Most of the boxes at defcon didn’t have protection for that. Then again if memory serves there was only 1 US election box and it was a no longer used model.