I hope this blog post scares you. This year’s election promises to be a close one, and regardless of which candidate you support, the concern of a rigged election has most likely crossed your mind. This post is the first in my series of “Jack’s Hacks,” an investigation into the security of society’s most important computer systems. For this week’s post, in order to determine if my fears of a rigged election are rational, I challenged myself to vicariously hack America’s voting system.
How can it be done?
As it turns out, anyone can hack this year’s Presidential Election. Oh, and in case you are wondering, here’s how to do it (please, please, please don’t try this at home):
- Buy a Palm Pilot and a small magnet on Amazon
- Move to South Carolina via your favorite form of transportation (plane, donkey, unicycle, etc.)
- Use the Palm Pilot to remove voting data from iVotronic voting machines
Why can it be done?
The United States does not rely on a centralized voting system; that is, distinct voting districts all across the country collect and store votes independently. This type of system prevents hackers from accessing a central mainframe and manipulating the votes. Most election districts implement safe and secure systems to protect voters’ choices and retain physical evidence of votes for proof. However, certain voting districts use voting systems that hackers can easily attack.1
Who is the culprit?
Of the voting machines I researched, the most vulnerable was a device called the iVotronic, a direct recording electronic (DRE) system which leaves no paper trace of votes. South Carolina, Georgia, Louisiana, New Jersey, and Delaware still use the iVotronic despite its notoriety for being easily hackable. Other states use DRE technology, but retain paper copies of the votes in the case of a recount or malfunction.2
Voters cast their votes on the machine by selecting their candidate of choice on the iVotronic’s touch screen, and the iVotronic then stores this vote on its private memory. To tally the votes, poll supervisors use a small handheld device called a “personalized electronic ballot” (PEB) to extract the votes from each machine.
The big heist
Anyone can create a fake PEB; all it takes is a Palm Pilot and a small magnet. Once in the poll booth, a hacker can use the PEB to communicate with the iVotronic machine via a slot in the machine (a hacker can remove the cover to this slot using only a screwdriver). After acquiring access into the iVotronic, the hacker must enter a password as a security check. However, the hacker can easily bypass this step if the fake PEB is disguised as a “quality assurance” (QA) diagnostic device, in which case the iVotronic does not ask for a password. While a QA PEB doesn’t have full control over the system, it can still erase all of the votes stored on the machine and disable the machine on election day.
There you have it folks, plain and simple: America’s democracy can be hacked by anyone who has a bit of technological know-how and a $50 Amazon gift card (insert mic drop emoji). Stay tuned readers: next time we will learn how to hack Harvard.
Jack Duryea is a freshman in Wiess College at Rice University.
Voting methods and equipment by state. https://ballotpedia.org/Voting_methods_and_equipment_by_state (accessed 10/1/16), part of Ballotpedia.
Aviv, A.; Černý, P.; Clark, S.; Cronin, E.; Shah, G.; Sherr, M.; Bla, M. Security evaluation of ES&S voting machines and election management system. https://www.usenix.org/legacy/event/evt08/tech/full_papers/aviv/aviv_html/ (accessed 10/1/16), part of University of Pennsylvania Department of Computer and Information Science.