Voting Rom Swapped In 60 Seconds


It’s been a while since we had a voting machine hack, but this video that [Marcel van der Peijl] sent in not only reminds me of Real Genius, but makes a great point. Maybe one of these voting machine companies will wake up, bring some decent designs to a hacking con and get things right. These guys popped apart a machine and fully swapped the ROMs in 60 seconds. How’s that for stealing a vote?

41 thoughts on “Voting Rom Swapped In 60 Seconds”

  1. I don’t know about the rest of you, but that scares the hell out of me.

    A question though: how would he pull out those ICs like that, that quickly and that easily, and just replace them like that? Is it just a demonstration, or would it actually work after that kind of manhandling?

  2. Yeah, it would have worked fine with the treatment. But it was unlocked. There is a lock on the damn thing that they did not even touch. It is easy to get in a castle when the drawbridge is down.

  3. Wow

    It’s such a shame they don’t have voting machines where I live, just paper.

    Actually a good thing they use paper

    This should make good news if they put it on TV

    There would be a massive panic and everyone would have to tick boxes rather than hacking voting machines to play chess

  4. They also found that the keys can be ordered on-line for about next-to-nothing for a whole box of keys.

    And these machines are stored for 364 days a year in an unsupervised location…

    I like one of their replacement ROMs: it turns it into a chess computer.

  5. If they had used a pair of electric screwdrivers, then they could have done it in 40 seconds!!

    The chip puller they used makes it easy to pull out DIPs quickly, but a regular screwdriver works well too. The trick is inserting the DIPs quickly — most come from the factory a little wide. If you pre-bend them and stick them in an empty socket beforehand, they’ll be quicker to insert in the real thing.

    My favorite hack was some people who looked at the photograph of the Diebold key on the company’s e-commerce site, measured the cuts in the photo, and then produced a working key: http://www.bradblog.com/?p=4066

  6. These machines are Dutch,
    and I live there. Actually I used one of these while voting for the local elections. I’m ashamed that these computers (built by Nedap) are so easily hacked..
    I think hacking should be fun and challenging, but it should be impossible to mess unnoticed with these devices!
    At least there should be more than 4 screws, and there should be some supervision.

    @nick, this has already been broadcast, and our major city, Amsterdam, used pencil and paper from then on, but still way too many of these devices are used!

    @dan, I never noticed any locks. And even then, during the elections the machines were supervised by politicians, so the only persons that would mess with it had those keys!

  7. Ok I think I know that all systems are vulnerable but that was ridiculous. Those locks are easy to get through. And more screws just means a tiny amount of more time. Those chips should be soldered in after being programmed… um, is that even a good idea?

  8. They should have security procedures like they have in the gaming industry (i.e. slot machines).
    The ROM chips have security tape across them that has custom graphics and is signed by the inspector. The tape becomes brittle with heat generated by the ROMs so it’s easy to apply, but impossible to remove without breaking it.
    It doesn’t prevent access but is pretty good at making any such attack obvious.

    An inspector would check the ROM chips of every machine and verify they contain the state certified software, and apply this tape. After voting, every machine is verified to have intact tape and the chips are verified again.
    Problem solved.
    This has been done in gaming for decades and has worked very well (when implemented properly). Why has this been such a big issue for so long?

    -Dan

  9. I worked for Pinellas County as a temp tech for the election last November. Actually I was working for Sequoia Voting Systems, with the county, or something like that. Anyway, the way their electronic voting systems were set up is the system OS with all the vote information and all was on a PCMCIA memory type card thing on the back. It would be even easier for an assailant to do a swap on those machines because the goods weren’t even inside it. BUT it’s not that simple. During election time these parts of the machine are locked and tagged with those plastic tampering tags. If a tag is broken the machine’s data was null and void. While this could affect the voting results if by chance that machine held the votes that were to greatly affect the vote, it’s highly unlikely. And the chance of affecting the outcome of an election is much less than actually replacing the data and getting away with it.

  10. Even if they knew that the chip was swapped during an election, that means that they have to redo all votes that were done on all electronic machines because you can’t trust them now. It’s like having a computer replaced by a malicious box on a network. You have to look at all of them.

  11. Appears there are locks. Were they unlocked prior to recording the video? Methinks this was spun for effect.

    That unsupervised minute means nothing, if the noise attracts attention.

  12. In last year’s election, the voting machines were stored in a water district office not far from where I live. This office has meeting rooms that are used for screening various documentaries throughout the year. I think you can guess what happened… A documentary on electronic voting was being shown, so a few of the viewers brought out a machine and set it up in the audience to watch the film with them.

    I’ve cut keys and I’ve also destroyed them. I could cut a working key for the voting machines in the time it takes you to vote.

  13. The reason they don’t solder the chips to the board is because of system updates… these things are built and programmed by the lowest bidders, if a bug is found in the ROM software (there almost always is), and the ROMs are soldered to the board then a recall has to be made on all the voting machines that have that ROM version… Sending out new ROM chips is cheaper and easier…

    The signed security tape is probably the best bet for security DURING the vote but if you have a corrupt official signing the tape then, um well… nuf said.

  14. I don’t see what all the fuss is about. Yes they could have designed the system to be more secure but if this were a paper ballot case, a swap such as this would be 100 times easier. It’s not perfect but it’s better than before. It’s highly unlikely someone would have the opportunity to rig an election this way.

  15. We are not shown the results of the hack. Does the machine accept the new ROM? Surely some encryption/signing scheme in operation?

    That said, the machine is already much safer than a paper box! The equivalent hack on a paper system would be much faster!

  16. I just noticed: My local bank machines are made by Diebold… :S !
    I’m afraid for my moneys…

    As for not putting back all the screws: You don’t need all the screws, you never need all the screws. They just make it take longer to hack…

    (Just finished fixing a keyboard for a relative: simple repair, but about 350 screws to remove and replace…)

  17. But not replacing all of the screws will just let the people know it was tampered with. With this sort of hack the less change average people see the easier it is to get away.

    My suggestion: slow down people by adding more screws and make their own screw head, much like Nintendo did with their tri-wing screw, or McDonald’s Happy Meal triangle screw (I am still not sure why they don’t want you to take apart their toys, maybe they have tracking devices built in that they don’t want you finding out about)

    But in the end you can only slow them down, and make it so that changes will be visible. With the way the current election system is run there is nothing you can do to prevent them from modifying the results, whether it is voiding a machine’s votes or actually getting away with changing the data.

  18. Slot machine tape: works really well to verify that the ROM has not been tampered with… unless: 1: someone else gets ahold of a roll of tape. 2: someone uses sleight of hand to swap the ROMs after the verifier tests the ROM but before he/she inserts and tapes the ROM. Both cases have occurred in Vegas, and it took months to years to find out about.

    Changing the vote: it takes a lot of time to destroy and replace paper ballots. It takes mere seconds to do the same in digital form. There are a million things that computers are better at, but secure voting isn’t one of them. In paper ballot cases, hundreds of volunteers are caretakers of perhaps a few thousand votes each person. In digital form, a few ‘volunteers’ are checking millions of votes each. The right people, in the right place, with 5 seconds to kill.. can swing a digital election any way you want it to go.

    Without biometric voter verification and vote full visibility, electronic elections are a sham. (Vote visibility means that 1: a voter can at any time see the result of their vote.. even years later, to verify that their vote still ‘exists’ somewhere, and was counted.) A paper trail exists for paper votes up to three years. Virtually nothing exists in any true and unalterable form in the digital realm.

  19. I was just thinking, what if all votes were registered over the net on a couple of redundant servers, onto which people could log in and check their votes. It would be much more efficient, and, due to people’s ability to verify their votes, near tamper proof on the client end. (Unless someone was able to hack the server software, that is)

  20. For those of you saying, it has a lock or people watch it. There are things in this world called corrupt politicians, and they do terrible things for money and power. 60 seconds alone with that box would not be that big of a bribe.

    Also the votes could have encryption, but if the key was bribed off someone, then you could program the ROM with the encryption. And if they use these things in a state, think of a politician having a systematic attack on many of the major polling places. Even if there are countermeasures governments always love cheap stuff, so how many things are promised to be implemented, but never are.

  21. Pretty cool way to show a flaw in a product.
    In Australia, it’s all done by hand anyways.

    And call me stupid, but how did you get the YouTube video timer to count down (from 60), instead of go up?

    I have never seen it before.

  22. Don’t you guys think that some politicians want these machines to be unsafe? Wake up..

    It is not that hard to make a system a little more secure.. just have a second system inside the case (disconnected from the voting system) checking all the important parts (like ROM checksums and case integrity using sensors) and have this second system triggering an alarm on a network or even audible if anything is messed with.

    The online server system would work only IF no connection between the voter and the vote is recorded. A paper could be printed in the machine for the voter assigning a random number (a password) to its vote (also in the paper). This way anyone could check its vote later and would not have its identity revealed.
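The check described in comments 8 and 22 above (verify each ROM against the certified image before and after voting, alongside the seal), as an added example that is not part of the thread or the original post. The ROM images, machine IDs and function names are constructed for illustration; the example also shows why a plain byte-sum checksum is not enough for this check and a cryptographic digest is used instead.

```python
import hashlib
import hmac

# Constructed stand-ins for ROM dumps (not real firmware).
CERTIFIED_ROM = bytes(range(256)) * 64                       # 16 KiB image
# Same bytes with the first two transposed: byte sum unchanged, content changed.
SWAPPED_ROM = CERTIFIED_ROM[1:2] + CERTIFIED_ROM[0:1] + CERTIFIED_ROM[2:]

def additive_checksum(image: bytes) -> int:
    """16-bit byte sum: catches random faults, not deliberate substitution."""
    return sum(image) & 0xFFFF

def rom_digest(image: bytes) -> str:
    """SHA-256 of the full image, compared against the certified value."""
    return hashlib.sha256(image).hexdigest()

def audit_machine(certified_digest, pre_dump, post_dump, seal_intact):
    """Pre- and post-election check for one machine; [] means it passes."""
    findings = []
    if not hmac.compare_digest(rom_digest(pre_dump), certified_digest):
        findings.append("pre-election ROM differs from certified image")
    if not seal_intact:
        findings.append("seal broken or missing after voting")
    if not hmac.compare_digest(rom_digest(post_dump), certified_digest):
        findings.append("post-election ROM differs from certified image")
    return findings

def audit_fleet(certified_digest, machines):
    """Map machine id -> findings for every machine that fails any check."""
    report = {}
    for machine_id, (pre, post, seal) in machines.items():
        findings = audit_machine(certified_digest, pre, post, seal)
        if findings:
            report[machine_id] = findings
    return report

# Constructed fleet: (pre-election dump, post-election dump, seal intact?)
FLEET = {
    "M-001": (CERTIFIED_ROM, CERTIFIED_ROM, True),
    "M-002": (CERTIFIED_ROM, SWAPPED_ROM, True),     # seal looks fine, ROM changed
    "M-003": (CERTIFIED_ROM, CERTIFIED_ROM, False),  # ROM fine, seal broken
}

if __name__ == "__main__":
    certified = rom_digest(CERTIFIED_ROM)
    print(additive_checksum(CERTIFIED_ROM) == additive_checksum(SWAPPED_ROM))
    for mid, findings in audit_fleet(certified, FLEET).items():
        print(mid, findings)
```
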

  23. electronic voting machines, ha.
    I don’t know why some people forget the bigger something is the harder it falls, or in this case the more you squeeze your grip the more people slip through, oops I mean the more you try to hack proof something the easier the back door illuminates itself. There, that last one was an original. 8 )

  24. I think that even during election days units like these are still very vulnerable. My district votes with a kiosk setup similar to this in an old country school. I don’t think that large, well-manned, closely-watched voting stations are the big targets here, but small ones in rural settings.

    Where I vote, and in most districts where I vote where the elections happen at country schools, old store buildings, etc., this would be easy to pull off.

    I’m not in favor of doing so, but the fact that a couple of us could do it so quickly and so easily, well, that’s something scary.

    I agree that the makers of these machines need to open their original specs up to the hacking community [and make those machines obsolete immediately.]. The hacking community, much like the free market, will always yield the most effective results.

  25. There is no excuse for this crap. The machines (I’ve read elsewhere) use old LS7400 series logic, popular in the 80’s! For Christ’s sake, get a PLD or FPGA in there!

    @cailen: All modern microcontrollers made in the last decade (basically) can do in-circuit programming and debugging, meaning you just plug in a cable and flash the ROM. There is *no* reason for sockets in production! These should all be small surface mount chips soldered down and epoxied over the pins (or something). It looks like they just went through an ancient parts bin and grabbed what they could. Seriously, it’s pathetic.

    As far as security, it’s ridiculous (as seen in the video). One approach would be to use some sort of public key encryption system where registered voters get a key. Of course, that doesn’t really protect against these man-in-the-middle attacks if you can easily modify the hardware!
