Security researchers publish details of online voting hack


Bender for School Board?

U-M security researchers reveal how they hacked the DC Internet voting system, electing Bender to school board and playing the Michigan fight song after each vote cast.

In late 2010, Michigan researchers led by Prof. J. Alex Halderman were in the news for hacking into the test bed for Washington D.C.’s new Internet voting system. Now the team is back in the news after publishing the details of the hack at the 16th Conference on Financial Cryptography and Data Security, on Feb. 28.

The researchers, graduate students Eric Wustrow and Scott Wolchok, Dawn Isabel of the U-M technical staff, and Prof. Halderman, released the technical details in their paper entitled, “Attacking the Washington, D. C. Internet Voting System.”

In the paper, the researchers describe how they examined the code for the system and found a shell-injection vulnerability, exfiltered data, and created a compiler that substituted malicious ballots for genuine ones. In addition, they were able to steal the cryptographic secrets used in balloting secrecy, steal the key to replace past and future votes, and unearth 937 pages of supposedly secret passwords that actual voters were mailed to give them access to the system. They modified the system to play the Michigan fight song on the thank you page after each ballot was cast. Finally, they sanitized system logs to cover their tracks. Of additional interest, the researchers were able to take over the security cameras that monitored the voting system server. They also detected and defended against an additional attack on the system that they trace to the Persian Gulf region.

In summarizing their findings, the researchers point to many vulnerabilities that make electronic voting, and particularly on-line voting, virtually impossible to secure. Among the weaknesses they point to are the use of commercial open source software to develop systems, the lack of an ability to auditing cast ballots, tensions between ballot secrecy and integrity, architectural brittleness in web applications, and the exposure of the system to Internet-base threats.

Speaking as part of a panel discussion on e-voting at the RSA Security Conference on March 1, Prof. Halderman reiterated that because of the many challenges of securing on-line voting, the technology simply can’t be used safely in the foreseeable future.