“Decertifying the worst voting machine in the US”

“If an election was held using the AVS WinVote, and it wasn’t hacked, it was only because no one tried. The vulnerabilities were so severe, and so trivial to exploit, that anyone with even a modicum of training could have succeeded. They didn’t need to be in the polling place — within a few hundred feet (e.g., in the parking lot) is easy, and within a half mile with a rudimentary antenna built using a Pringles can. Further, there are no logs or other records that would indicate if such a thing ever happened, so if an election was hacked any time in the past, we will never know…
in the November 2014 election, voting machines in one precinct were repeatedly crashing, and it was hypothesized to be due to some interference from someone trying to download music using their iPhone…
So how would someone use these vulnerabilities to change an election?
Take your laptop to a polling place, and sit outside in the parking lot.
Use a free sniffer to capture the traffic, and use that to figure out the WEP password (which VITA did for us).
Connect to the voting machine over WiFi.
If asked for a password, the administrator password is “admin” (VITA provided that).
Download the Microsoft Access database using Windows Explorer.
Use a free tool to extract the hardwired key (“shoup”), which VITA also did for us.
Use Microsoft Access to add, delete, or change any of the votes in the database.
Upload the modified copy of the Microsoft Access database back to the voting machine.
Wait for the election results to be published.
Note that none of the above steps, with the possible exception of figuring out the WEP password, require any technical expertise. In fact, they’re pretty much things that the average office worker does on a daily basis.”

Can we have some of the people concerned about voter fraud getting involved in fixing stuff like this? That would be nice.

Show your support

Clapping shows how much you appreciated Jess Brooks’s story.