
Calif.: All Vote Machines Tested Hackable

Secretary of State Debra Bowen released the first part of her review of California's voting systems Friday, seven days before she must decide whether to decertify any of the systems for the presidential primary.

It found that computer experts were able to breach all the systems they studied and change the machines' results. But the experts did that under artificial conditions, with unimpeded access to the equipment, a situation that ordinarily would not occur.

Matt Bishop, a computer scientist at the University of California, Davis, who led the team, said the findings must be evaluated in light of the security systems that county election officials have in place before any conclusions can be reached about whether the machines are reliable.

Bowen, who has made electronic voting security the centerpiece of her administration, said she needed to spend the weekend reviewing the reports before commenting on them.

"I am still in analysis mode," she said during a conference call with reporters, "and do not have any conclusion based on reports I have not read."

The review has been rushed because of the earlier-than-ever primary on Feb. 5. It did not include voting systems used in Los Angeles, San Francisco and Contra Costa counties.

Bowen said that was because the company that makes the machines, Election Systems & Software, had refused to give her the information she needed in time. A company spokesman said they delayed because they wanted more information about how the review would be conducted.

By law, Bowen must let counties know six months before the election that she is going to decertify their equipment. That means she must decide by Aug. 3, too soon to complete reviews of Election Systems & Software's equipment.

Instead, a spokeswoman for Bowen said she could subject that equipment to higher standards.

County elections officials see Bowen's "top-to-bottom review" as unnecessary. They say their equipment already meets federal standards and was approved by Bowen's predecessor, Bruce McPherson.

Steve Weir, president of the state association of registrars, said it was not news that voting systems could be breached under ideal conditions.

"They were given permission to get into the systems," he said. "It's not a real world test."

Experts examined systems built by Diebold Election Systems, Hart InterCivic and Sequoia Voting Systems.

One team tried to breach the machines' security. Another tested to see how accessible they were for voters with disabilities. A third group looked at the source code used in the machines. That report was withheld Friday because of concerns that it might contain proprietary information.

Among the findings:

  • The physical security was weak (Testers were able to access the internals of Sequoia's machines by unscrewing screws to bypass locks, and compromise Diebold's AccuVote TSx machine without prompting reminders to voters to check their printed records).
  • Software was overwritable with malicious code (Testers could load a program into a machine's memory which, at the next reboot, loaded malicious firmware, at which point an attacker could manipulate the election results, with no access to source code required; attacks on Diebold's machines allowed testers to overwrite firmware, which could change vote totals, and escalate privileges from those of a voter to a poll worker or central count administrator, enabling them to reset an election, issue unauthorized voter cards, and close polls; testers overwrote Hart's eScan software and issued administrative commands).
  • Detecting election mode (Firmware loaded onto the Sequoia machine would determine whether a system was in test mode or not, so it could respond correctly to preelection testing and then operate incorrectly on Election Day).
  • Accessing election management systems (Software could infiltrate Sequoia's database directly and execute system commands on the host computer, and access the GEMS server of Diebold's system and take security-related actions that went unrecorded in the server's audit logs; Hart's system software could be penetrated by a hacker who could access the host operating system to gain unauthorized access to the database).
  • Altering data (Testers verified that the Hart system's mobile ballot box card could be altered during an election, and that post-election safeguards to prevent tampered data from being counted could be easily bypassed).
  • Forging materials (Both update cartridges and voter cards could be forged).
  • Capturing audio (A Hart eSlate with audio enabled for visually-impaired voters could have its audio from a voting session remotely captured, allowing an attacker to violate voter privacy).

The Secretary of State's office will conduct a public hearing on Monday, July 30, beginning at 10:00 a.m., in the Auditorium of the Secretary of State building in Sacramento.

You may view the reports at www.sos.ca.gov.
