Breach podcast: Step 4, election hacking — Counting the vote

DefCon Voting Village report (Click for PDF)

Once you leave the polling place, an intricate dance of technology takes place.  Perhaps the machine you used creates a local tally and prints out an end-of-day receipt, which is later added to tallies from other machines in that precinct, in that county, and that state. The counts themselves must be accurate, but perhaps more important, the transmission of the counts must be secure.  Many experts see this as a vulnerable step.

Just click play above, or listen to the podcast on Stitcher

or on iTunes


“If we’re able to modify the transmission of vote tallies back and forth across these systems, we could potentially influence the vote,” said Mark Kuhr, a security expert with Synack Inc.

The votes might be sent over the Internet. They might be sent via “sneaker net,” with a courier driving memory cards to a central location.  In some states, vote tallies are transmitted wirelessly. And that introduces more potential problems. States that do this claim the data is encrypted, but experts worry about vulnerabilities – such as so-called man-in-the-middle attacks.  Devices like Stingray machines – often usually by police to intercept smartphone transmissions — can pose as cellular network towers and download all information sent towards those towers.


So when you look at, you know, going to a polling station and putting your vote in, a lot of times
that’s an electronic machine, but then at the end of the day that gets transmitted back to uh, a
central place to for the vote to be counted.
This is Mark Kuhr from Synack again.
And that’s where vulnerabilities can come into this — this system as well is — is on the network
side. If we’re able to modify the transmission of vote tallies back and forth across these systems,
we could potentially influence the vote.
Of course, my vote needs to be sent somewhere. It doesn’t just get counted at my precinct. It
has to actually go somewhere to be counted. This just actually never occurred to me.
And right now in Florida, Illinois, Michigan, and Wisconsin, they all send their votes wirelessly
over cellular networks to be tabulated. And now the states will make claims to say that the
voting machines themselves aren’t connected to the Internet, and when the data is being
transmitted, it’s encrypted and authenticated. So they believe that this is safe, but not everybody
So states that use wireless cellular networks, can those be hacked?

So the answer is absolutely.


About Bob Sullivan 1334 Articles
BOB SULLIVAN is a veteran journalist and the author of four books, including the 2008 New York Times Best-Seller, Gotcha Capitalism, and the 2010 New York Times Best Seller, Stop Getting Ripped Off! His latest, The Plateau Effect, was published in 2013, and as a paperback, called Getting Unstuck in 2014. He has won the Society of Professional Journalists prestigious Public Service award, a Peabody award, and The Consumer Federation of America Betty Furness award, and been given Consumer Action’s Consumer Excellence Award.

Be the first to comment

Leave a Reply

Your email address will not be published.


This site uses Akismet to reduce spam. Learn how your comment data is processed.