Hackers break into voting machines within 2 hours at Defcon

Hackers from around the world had the rare opportunity to crack election-style voting machines this weekend in Las Vegas -- and they didn't disappoint.

After nearly an hour and a half, Carsten Schürmann, an associate professor with IT-University of Copenhagen, successfully cracked into a voting machine at Las Vegas' Defcon convention on Friday night, CNET reports.

Schürmann penetrated Advanced Voting Solutions' 2000 WinVote machine through its Wi-Fi system. Using a Windows XP exploit from 2003, he was able to remotely access the machine, CNET reports.

Voting technology was thrust into the political spotlight when election systems in several states were targeted by Russian cyber attacks. The convention purchased more than 30 voting machines for the event, although, organizers didn't specify how many models those units represented.

"The exposure of those devices to the people who do bug bounties or actually look at these kind of devices has been fairly limited," Brian Knopf, director of security researcher for Neustar, told CNET. "And so Defcon is a great opportunity for those of us who hack hardware and firmware to look to these kind of devices and really answer that question, 'Are they hackable?'"

rts19ona.jpg

A hacker tries to access and alter data from an electronic poll book in a Voting Machine Hacking Village during the Defcon hacker convention in Las Vegas, Nevada, U.S. on July 29, 2017.

Reuters

Synack, a San Francisco security platform, discovered serious flaws with the WinVote machine months ahead of this weekend's convention. The team simply plugged in a mouse and keyboard and bypassed the voting software by clicking "control-alt-delete."

"It's really just a matter of plugging your USB drive in for five seconds and the thing's completely compromised at that point," Synack co-founder Jay Kaplan told CNET. "To the point where you can get remote access. It's very simple."

The Synack team also cracked the machine from a mobile application by installing a remote desktop program to it. In one case study, Synack found a Virginia poll worker hacked the machine to play Minesweeper.

A hacker, who only identified himself as "Oyster," tried to crack a Diebold voting machine after another team had compromised it.

"I hope that we find a load of vulnerabilities in these just so we can open it up to the public to see how serious the problem is," he told CNET.

Hackers at the convention hope their finding will lead to lasting changes in voting machine technology.

Anne-Marie Hwang, a Synack intern, told CNET that changing votes can be as simple as updating a Microsoft Excel document.

"Hacking it is good because it's able to inform politicians and people in Congress about what they should do with voting machines," Hwang said. "If no one ever hacked them, we might be still using things like this."