[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Mail] [Sign-in] [Setup] [Help] [Register]
Status: Not Logged In; Sign In
politics and politicians Title: Voting machine password hacks as easy as 'abcde', details Virginia state report AVS WinVote machines used in three presidential elections in state would get an F-minus in security, said computer scientist who pushed for decertification Touchscreen voting machines used in numerous elections between 2002 and 2014 used abcde and admin as passwords and could easily have been hacked from the parking lot outside the polling place, according to a state report. The AVS WinVote machines, used in three presidential elections in Virginia, would get an F-minus in security, according to a computer scientist at tech research group SRI International who had pushed for a formal inquiry by the state of Virginia for close to a decade. In a damning study published Tuesday, the Virginia Information Technology Agency and outside contractor Pro V&V found numerous flaws in the system, which had also been used in Mississippi and Pennsylvania. Jeremy Epstein, of the Menlo Park, California, nonprofit SRI International, served on a Virginia state legislative commission investigating the voting machines in 2008. He has been trying to get them decertified ever since. Anyone within a half mile could have modified every vote, undetected, Epstein said in a blog post. I got to question a guy by the name of Brit Williams, whod certified them, and I said, How did you do a penetration test? Epstein told the Guardian, and he said, I dont know how to do something like that. Reached by phone, Williams, who has since retired, said he did not recall the incident and referred the Guardian to former colleagues at Kennesaw State University who have taken over the certification duties he used to perform for Virginia and other states. You could have broken into one of these with a very small amount of technical assistance, Epstein said. I could teach you how to do it over the phone. It might require an administrator password, but thats okay, the password is admin. Bypassing the encrypted WEP wireless system also proved easy. The password turned out to be ABCDE, according to the states security assessment and getting the password would take a few minutes and after that you dont need any tools at all, said Epstein. The commission that stripped the machines of certification also found that the version of Windows operating on each of them had not been updated since at least 2004, that it was possible to create and execute malicious code on the WINVote and that the level of sophistication to execute such an attack is low. The WINVote machine, manufactured by Advanced Voting Solutions, a now-defunct Texas company, has been under siege by Epstein and others for years; the units have been used in at least two dozen elections across the state. Mississippi and Pennsylvania stopped using them several years ago. Epstein said it is likely no one will ever know whether or not they were tampered with. There are no logs kept in the systems, Epstein said. Ive examined them. In order to determine anything about the machines histories, in fact, a very high level of technical sophistication would be required, on a level with the FBI looking at images of deleted files on a suspects hard drive. Bottom line is that if no Virginia elections were ever hacked (and we have no way of knowing if it happened), its because no one with even a modicum of skill tried, Epstein wrote on his blog. Post Comment Private Reply Ignore Thread Top Page Up Full Thread Page Down Bottom/Latest Begin Trace Mode for Comment # 1.
#1. To: TooConservative (#0)
Well now we know how Harry Reid keeps getting re-elected.
There are no replies to Comment # 1. End Trace Mode for Comment # 1.
Top Page Up Full Thread Page Down Bottom/Latest |
|
[Home] [Headlines] [Latest Articles] [Latest Comments] [Post] [Mail] [Sign-in] [Setup] [Help] [Register]
|