Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
Government Security Politics Your Rights Online

Internet Voting Hack Alters PDF Ballots In Transmission 148

msm1267 (2804139) writes Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to decision makers and voters that things still aren't where they should be. Researchers Daniel M. Zimmerman and Joseph R. Kiniry published a paper called 'Modifying an Off-the-Shelf Wireless Router for PDF Ballot Tampering' that explains an attack against common home routers that would allow a hacker to intercept a PDF ballot and use another technique to modify a ballot before sending it along to an election authority. The attack relies on a hacker first replacing the embedded Linux firmware running on a home router. Once a hacker is able to sit in the traffic stream, they will be able to intercept a ballot in traffic and modify code strings representing votes and candidates within the PDF to change the submitted votes.
This discussion has been archived. No new comments can be posted.

Internet Voting Hack Alters PDF Ballots In Transmission

Comments Filter:
  • Umm, encryption? (Score:3, Informative)

    by thebes ( 663586 ) on Thursday November 13, 2014 @03:39PM (#48381113)

    Why isn't that referenced? E2E encryption eliminates this, assuming the user is not an idiot.

    • by Anonymous Coward

      That's the problem, the users ARE idiots (technically). The most powerful voting block in the country can't tell a PC from a microwave.

    • by Anonymous Coward

      assuming the user is not an idiot.

      Well see, there's your problem.

    • by mlts ( 1038732 )

      I might be wrong, but the last time I checked, the forms feature in Acrobat would allow the stuff in the PDF to be submitted via SSL. It didn't submit the PDF as a file... just the stuff in the forms.

    • Maybe you missed the story from tuesday [slashdot.org] where ISPs can and do turn off the encryption for you?

      Plus, if you've replaced the router's firmware, it can make it *appear* as if you have e2e when you do not.

      • ISPs can't just turn off all encryption. They can only denial of service connections to downgrade encryption for services that offer it.
        • by DaHat ( 247651 )

          They can easily man in the middle it.

          Remember that ISP crapware they installed on your parents PC in order to connect them... did they or you make sure there wasn't a rouge CA in there?

          • there wasn't a rouge CA in there?

            Not sure about the rouge, but there could have been some guy-liner.

            Perhaps you meant rogue?

      • by blueg3 ( 192743 )

        No and no. There are other problems with end-to-end encryption, but you have not identified any of them.

    • E2E encryption likely won't work. The router would set it self up as a proxy to allow a man in the middle attack. But you might be able to use encryption of the ballot itself, not it's transmission layer to avoid a problem. However this would be a pain in the ass since now the user has to somehow assign passwords and stuff.

  • so how about not running an http server but instead using an https connection? Here, solved this one for you.

    • by Shakrai ( 717556 ) on Thursday November 13, 2014 @03:49PM (#48381193) Journal

      Snide answer: How about getting off your ass and actually going to the polling place to vote?

      More contemplative answer: How do you actually prove the person behind the keyboard is the registered voter in question, even if your system is totally secure from threats in transit? How do you prove they're not being unduly influenced, perhaps by an employer or other person with a financial sword to hold over their head? This can be precluded in the polling place with a secret ballot; it can not be prevented if people are voting via computer or absentee. (*)

      (*) Obviously allowances need to be made for people who are disabled or otherwise unable to make it to the polls, but I fail to see why an otherwise able bodied adult should regard a trip to the polling place as onerous.

      • Snide answer: How about getting off your ass and actually going to the polling place to vote?

        How do you know the person at the polling place is actually legally allowed to vote?

        • Snide answer: How about getting off your ass and actually going to the polling place to vote?

          How do you know the person at the polling place is actually legally allowed to vote?

          We could implement some sort of credentialing system.

          • Snide answer: How about getting off your ass and actually going to the polling place to vote?

            How do you know the person at the polling place is actually legally allowed to vote?

            We could implement some sort of credentialing system.

            I don't think Democrats would allow that. It's apparently racist.

          • We could implement some sort of credentialing system.

            You mean like registering to vote?

        • uh, their name is on the voter rolls at the polling place?

          you make it sound like voter fraud is an actual thing.

          • uh, their name is on the voter rolls at the polling place?

            you make it sound like voter fraud is an actual thing.

            You make it sound like it's not.

            • Give me a single solid example - voter validation leaves a paper trail, so the evidence should be easy to come by. And yet the only evidence seems to be in areas that let the dead vote - a avenue of fraud that could easily be fixed by cross-referencing the voter registry with the orbituaries, if only the dead didn't so consistently vote for the people making the rules.

              • by DaHat ( 247651 )

                Give me a single solid example - voter validation leaves a paper trail, so the evidence should be easy to come by.

                Utter BS!

                What paper trail? You walk in, say you are Joe Blow, live at a given street, make your mark and you get a ballot... the only way you know that this was done fraudulently is if the real Joe Blow comes in later to vote and told that he already did... which mathematically wouldn't always happen depending on how well a fraudulent voter picked their targets.

                Want cases of people who were told

              • by Shakrai ( 717556 )

                Give me a single solid example - voter validation leaves a paper trail

                I worked elections for eight years in the State of New York. All we had to go on was your signature and address. The process in NYS goes like this:

                Me: What's your name?
                You: I'm Mr. Immerman.
                Me: *Flipping through poll book, finds you* What's your address Mr. Immerman? (many poll workers omit the address verification, but we are supposed to ask, and I always followed procedure)
                You: 123 Main St.
                Me: Sounds good, sign here please.

                In theory I can challenge you if the signature doesn't match what I have i

                • I believe the problem is that the US has a long history of organized interference in the acquisition of voting-specific ID. I've heard far fewer complaints against the usage of a state-issued photo-ID (aka drivers license, assuming you drive) Even those though can often cost upwards of $50 or so, and have limited usage outside of driving and banking, thus imposing a substantial financial burden on the poorest members of society who still wish to vote.

                  Keep in mind - the social safety net in the US is mostl

      • Snide answer: How about getting off your ass and actually going to the polling place to vote?

        We are in the 21st century. I work from home (or from wherever country I care to travel to and work from there). I can order online virtually any good I need delivered, even food. My finances have also mainly moved online and very rarely would I need to visit a bank branch. Special-interest clubs are dying across the West, as nowadays people often go online to community with people that share their hobbies.

        When al

        • by Anonymous Coward

          Really freaking simple reason: Ability to sell, coerce or otherwise influence a vote.

          Physical presence at a polling location makes it impossible to do these things, at least on a large enough scale to change an election. No one knows your vote so you can't sell it and no one can "check" to make sure you voted a certain way.

          Pure online voting could / would lead to massive fraud, "voting parties" where peer pressure will rule, and otherwise socialize voting. It is one thing to tell someone who you voted for

          • by garote ( 682822 )

            Really freaking simple reason: Ability to sell, coerce or otherwise influence a vote.

            Physical presence at a polling location makes it impossible to do these things, at least on a large enough scale to change an election. No one knows your vote so you can't sell it and no one can "check" to make sure you voted a certain way.

            1. It is possible to design an electronic system where no one but you knows your vote. That is, where no one but you can uniquely verify that a given vote is yours, and that it is set th

            • 1)Possible, but difficult - any system which lets you verify your vote also makes it possible for you to provide that verification to a third party. Which probably means the sytem also has to allow you to produce airtight false verification. You still have the problem though that someone, somewhere needs to be able to discard the false votes to get the final tally - and the system breaks down if they are comprmised.

              2) Your examples are all of disenfranchisement - which is a problem, but one independent of

        • When all the rest of human activity is moving to virtual spaces, why should the practice of representative government not do the same?

          You can have all the virtual-space representative government you want, just as long as it doesn't intrude on the meat-space real government we all have to live with.

          But I see no reason why voting must forver remain an exception to the general tendency of location-independent life.

          If you care so little about a place that you cannot bother to live there, why should you be allowed to vote there? Voting on location-dependent laws has been and should be done by location-dependent people who are subject to them. I think there was a war or something about one group of people who thought the proper location for voting on laws

          • You can have all the virtual-space representative government you want, just as long as it doesn't intrude on the meat-space real government we all have to live with.

            One's relationship with "meat-space real government" has already been carried out through the post, or increasingly online, for a long time now, from filing and payment of taxes to various license applications. People who want to bring something to their local representatives's attention typically send a letter or e-mail or make a phone call, t

            • US citizens abroad, or voters registered to vote in one state but currently in another state,

              Neither are an example of location-independent people, especially not the latter. "Currently" is a dead giveaway.

              • Neither are an example of location-independent people

                You think that having US citizenship makes one somehow bound to the US? Not only are there people who have left the US for good but still vote (often so that they can try to make the US more like the country they currently enjoy living in). but there are also many thousands of people who hold US citizenship but have never lived a day in their life in the US. And with regard to out of state voting, it's entirely possible to be registered to vote in one s

                • You think that having US citizenship makes one somehow bound to the US?

                  Where did I say that?

                  Not only are there people who have left the US for good but still vote (often so that they can try to make the US more like the country they currently enjoy living in).

                  And you can explain why they should have any say in any election in a country they've chosen not to live in? I don't particularly care about those who think they should change where I live to be more like where they live.

                  And with regard to out of state voting, it's entirely possible to be registered to vote in one state, and then spend the rest of one's life in another state.

                  Not legally. It's hard to claim residency in one state when you don't live there anymore.

                  • And you can explain why they should have any say in any election in a country they've chosen not to live in? I don't particularly care about those who think they should change where I live to be more like where they live.

                    I don't really feel the need to explain why. It's simply how things are and have been since well before I was born. It's you who is arguing for a change to a very old tradition in America (and many other developed nations) of absentee voting.

                    "If you care so little about a place that you c

                    • It's you who is arguing for a change to a very old tradition in America (and many other developed nations) of absentee voting.

                      I'm WHAT? I'm arguing for a change? Now I know you're replying to someone else.

                      Really, you remind me of those tiresome Slashbots in the early millennium who read a little too much Heinlein and urged a requirement of military service before one could have voting rights.

                      I've already commented on the events that came about based on people in one place voting on laws to be followed elsewhere. That you equate a fictional requirement for some public service to earn the right to vote, and a logical and existing requirement that you be a resident of the jurisdiction in which that right exists, is the tiresome part here.

                      Some states have very lax requirements for maintaining residence and voting rights there.

                      'Lax' is not 'none', and maintaining a residence is creating a less than location

                    • I'm WHAT? I'm arguing for a change?

                      Is claiming that a status quo is unjust not wishing for change?

                      Your use of the term "currently" when referring to the ex-pats implies a short-term nature of the ex-pat status, which also makes them less than location-independent.

                      I don't see where you get that from. Merriam-Webster defines "currently" as simply " happening or existing now" with no connotation that it's a temporary thing. Many US citizens abroad have left the US for good (or have never lived there, but si

                • by Shakrai ( 717556 )

                  You think that having US citizenship makes one somehow bound to the US?

                  Yes, it [irs.gov] does [sss.gov].

                  And with regard to out of state voting, it's entirely possible to be registered to vote in one state, and then spend the rest of one's life in another state.

                  Possible but not legal; one is required to vote in the state they're resident in. Residency is defined differently in each of the 50 States you're generally required to actually maintain a residence there (i.e., own or rent some piece of property) and may further be required to spend a plurality or even a majority of your time at that residence.

                  • I am aware that US citizens abroad can be subject to US taxes, and states may demand ownership of property for one to legally maintain voting rights there. However, I'm not sure that simply filing income taxes and keeping a property around would satisfy Obfuscant's demand that one be able to vote in a place only if one is subject to the overall laws there. The US simply has too old a tradition of people who have permanently left, and whose sole encounter with US authorities is income tax filing (on which mo

                    • would satisfy Obfuscant's demand

                      If you cannot make your own arguments, at least stop making them up in my name. I made no demand. I stated my opinion.

                      The US simply has too old a tradition of people who have permanently left,

                      Yeah, there are a lot of old traditions that the sole reason they can't be changed is because they are old traditions. The Democrat voting machine in Chicago being one. Using paper ballots at a physical polling place would be another. Oh, wait, That 'old tradition' is one you think should change. Hmmm. Seems like 'old tradition' is only an argument against change when you don't want somet

      • by DaHat ( 247651 )

        but I fail to see why an otherwise able bodied adult should regard a trip to the polling place as onerous.

        But... but... but... your toilet might overflow! [cnsnews.com]

      • I was under impression we are talking about a technical problem here, however if you want to take it to the next level of /. conversation, Ok, let's do that. My answer: most people shouldn't be voting anyway, a vote of one informed intelligent person is cancelled by thousands of uninformed idiots, so what's the difference? AFAIC democracy killed the Republic, the only correct answer is stop playing the game and remove the government judiciously.

        • Ah yes, a meritocracy is definitely superior. And I can only assume you'll be wanting a place on the committee that decides the standards by which such merit is measured?

          It doesn't matter how incompetent the populace is, if you deprive them of a voice in government then you are consigning them to be slaves to that government in short order. And to quote C.S. Lewis: "Aristotle said that some people were only fit to be slaves. I do not contradict him. But I reject slavery because I see no men fit to be mast

  • Do any electronic voting systems actually work by sending around PDFs? If so I don't recall hearing about them.

    • by DaHat ( 247651 )

      From TFA:

      PDF ballots have been used in Internet voting trials in Alaska, and in New Jersey as an voting alternative for those displaced by Hurricane Sandy.

  • by JohnnyDoesLinux ( 19195 ) on Thursday November 13, 2014 @03:53PM (#48381215)

    I do PDF processing using a server class rack mount machine. Damn, if I could have known that I could have used a cheap off-the-shelf router to do this, I could have had a raise..

  • The attack relies on a hacker first replacing the embedded Linux firmware running on a home router.

    Well then, the obvious answer is to not have embedded Linux firmware on the home router. There, problem solved.

    We know voting from home is fraught with dangers, but this is another one of those situations where you would have to spend inordinate amounts of time tracking down each router, finding a way to get into it, change the firmware, then wait until you're sure the person is in the process of vot
    • by DaHat ( 247651 )

      You don't need to know the specifics of each and every router... just one or two which there are enough of that you can identify and exploit remotely.

      Coming up with a single fake drivers license and voting gets you only a single vote... exploiting say... the standard ISP provided router may be a bit harder... it will get you far more votes and less visibility.

  • love,

    your pals @ diebold
  • Paper? (Score:5, Insightful)

    by xtal ( 49134 ) on Thursday November 13, 2014 @04:28PM (#48381453)

    Seriously?

    Whats wrong with paper?

    Lots of systems for automatically dealing with it. Unique and irrefutable record. Easy to recount. Don't like one machine? Design a better one to scan and count. People really pissed off? Count those SOBs one at a time in front of a crowd on a big-screen TV.

    Ballot boxes are easily placed out in the open; they're easily observed and tracked by as many people as would like to. The entire way through the process.

    Lots of very large, modern democracies just use paper. Including your neighbours up north. X marks the spot.

    Crazy.

    • is what's wrong with paper. Long lines in poor neighborhoods. Broken machines. Polling places closing hours early when you know people can't take time off to vote

      You'll never see voting day a national holiday because the powers that be don't want the lower caste voting. Progressives do though, and we're trying to come up with ways to combat voter suppression. From the progressive standpoint who cares if it gets hacked? The paper vote has already been hacked so to hell by voter suppression that things can
      • Re: (Score:2, Informative)

        by Anonymous Coward
        But you can solve that with paper, too. In fact my state does: I live in a 100% vote-by-mail state, so there's no lines and no worries about having election day off or time to votes. It's not a perfect solution, but it does solve those problems. Although you can also print off a ballot if you lose the one mailed to it, which is less secure (all you need is a name and birthdate). Also, voting not in a voting place means there's no controls to prevent coercion and ensure vote privacy.
        • The trouble with just Vote By Paper is it's equally vulnerable. It's not hard to make sure that it's tough to register for it. The mailings can (and have) "gone to the wrong address", etc, etc.

          I'm not opposed to vote by paper. Indeed the bottom rung of society will still need it (they can't afford a computer + internet connection). But a two pronged assault on voter suppression is definitely a good thing. If the lower classes could vote more I don't think we'd have lower classes :P
      • The problem with making election day a national holiday is that we usually have more than one day of elections in a year. Maybe it's enough just to make the 2nd Tuesday in November a holiday but you've also got the primary elections and special elections that come up from time to time. I can remember having as many as 4 elections in a year. I think it would be better to have more than one day for an election and have it over a weekend, perhaps Saturday to Monday or Friday to Sunday. I like our system he

  • by ShadowRangerRIT ( 1301549 ) on Thursday November 13, 2014 @05:17PM (#48381805)
    How is this even noteworthy technologically? He's assuming he can modify the router firmware. "If I completely replace the software handling my data, I can change the data!" Seriously? That's the dumbest, most obvious thing possible.
    • It's dumb and obvious to anybody who knows anything about tech. That is, nobody in politics. That is, nobody responsible for deciding whether to use these machines. When policy is drafted by people who just say whatever the highest bidder pays them to say, it helps to point out the obvious.
  • Um, SSL? (Score:4, Interesting)

    by Craig Ringer ( 302899 ) on Thursday November 13, 2014 @07:38PM (#48382737) Homepage Journal

    Otherwise known as the "voting machine company was too stupid to implement SSL" attack?

    Or, for email, the "what idiot thinks email is secure without local S/MIME or PGP signatures" attack. Seriously, on-wire tampering is the least if your worries if you're *emailing* ballots around.

  • If this can happen at home router level, think what can be done at the ISP. This is not an issue of router security, because your traffic can be intercepted with other techniques, this points to a much larger problem that electronic voting results can be changed in transit and they travel over open internet. Who can change packets in transit, let's see:
    * US government (NSA, FBI, or any other agency with full access)
    * Government sponsored hackers (Russia, China, etc...)
    * Your ISP (Comcast, Verizon, etc)
    * Bac

The amount of time between slipping on the peel and landing on the pavement is precisely 1 bananosecond.

Working...