During the November 2014 election, voting machines continually crashed in the state of Virginia. As a result, an investigation was started to look into this problem. What they found was an alarming vulnerability that dubbed these machines as “the worst voting machine in the US” (“Tampering with US voting machine”).
The Virginia Information Technologies Agency, VITA, spearheaded the investigation. They discovered many problems with the AVS WinVote touchscreen Direct Recording Electronic, DRE, machine; this machine was made by Advanced Voting Solutions whose domain is now owned by some Chinese organization. These machines were so vulnerable that an individual would only need a laptop and some free software. The simple steps are shown in the image below.
WEP stands for Wired Equivalent Privacy. This protocol was created in 1999 and aimed to provide more confidentiality to the current wireless network. The protocol was denounced by IEEE in 2004. In 2005, the FBI gave a demo in which they cracked the protocol within three minutes only using publicly available tools. WEP was superseded by the Wi-Fi Protected Access, WPA, 2003 and fully ratified by IEEE in 2004. Thus, it is rather alarming that these voting machines would still use an outdated and insecure protocol to protect their machines.
The system within these machines do not keep a log, so there is no way to tell if they have been tampered with. In fact, Jeremy Epstein from SRI International reports that the only reason these voting machines may not have been tampered with is because no one has thought to do it with such simple steps.
Due to expenses and limited time, the state of Virginia is not quite sure how they are going to resolve this issue as getting new voting machines is rather difficult; officials say that it will cost about $130,000 to replace each machine. As a result, county officials throughout Virginia are trying to borrow machines from other states in order to get through the upcoming June election.
– Kaitlin Keenan (kmk6940)