Security News
Get Scanguard Login

Electronic Voting Manufacturer Installed Remote Access Software

This could open the door way to malicious software to take control of an election.

Published by Claire Broadley

A company that supplies voting machines to polling stations in Oregon has admitted that some of its voting management machines were supplied with a remote access tool installed.

The software is typically used for remote access by technical support technicians, and isn’t the type of program you’d want to find on a machine designed for setting up polling booths. However, it’s still a potential opening for a hacker to change the software on a voting terminal.

If you often wonder why the UK doesn’t allow electronic voting, this is yet another example of the security problems they present.

The Problems with Electronic Voting

Prior to 2007, ES&S was found to have supplied voting management terminals with remote access software pre-installed.

Management terminals aren’t for voting, but they allow a user to configure the voting machines in the polling station. In theory, remote access to a terminal could allow someone to hack terminals, or install malware on the machines.

Old voting machine in US museum

Post-2007, all voting management computers in the United States are supposed to be disconnected from the internet.

AVC Advantage electronic voting machines can be unlocked without a key in seven seconds, then modified to alter vote counts. The machine was still in use in the mid-2000s.

 

In 2015, the WinVote -- dubbed the worst voting machine in the US -- was taken out of service for similar reasons.

And in 2017, hackers at DefCon hacked some voting machines within 35 minutes.

Like many machines, the WinVote was running Windows XP long after its end of life phase. As we now know, XP is a risky operating system that is now extremely vulnerable to malware and ransomware.

Will the UK Ever Use Electronic Voting?

Estonia is one notable example of a country that’s digitally transformed its voting system. Citizens use secure ID cards to cast ballots online.

In fact, Estonia was the first country to conduct a general election online in 2005. Why doesn’t the UK do the same thing?

There are two basic reasons. Firstly, Estonia has rebuilt its governmental systems on digital infrastructure, so it’s got a very modern approach to citizenship -- something other countries wouldn’t achieve without significant disruption. Everyone has an ID card that doubles as their own personal digital certificate, so they file their official paperwork online.

Secondly, even with voting machines, many US States still require paper records. So although the machine speeds up the counting process, an X in a box achieves the same result without the cost of buying and managing machines (and, crucially, replacing them when they’re found to be hackable). That is probably why the UK won’t invest in them any time soon.

Before electronic voting, Americans used punch cards to vote. Voting machines are an improvement, but if we’re ever going to have completely secure voting, Estonia’s system seems like the only way to go.