Computer Scientists Demonstrate Vulnerability in Electronic Voting Machine
A team of computer scientists from University of California, San Diego, the University of Michigan, and Princeton University – including Assistant Professor J. Alex Halderman in CSE at U-M – has demonstrated how criminals could employ a relatively new computing technique to hack an electronic voting machine, steal votes, and potentially change the results of an election.
The machine used in the demonstration was a Sequoia AVC Advantage system. The research team reverse engineered the hardware for the system and developed a simulator to study the system software. The technique they used to gain control of the system, known as “return-oriented programming,” did not exist at the time the system was designed. Return-oriented programming is a powerful systems security exploit that generates malicious behavior by combining short snippets of benign code already present in the system.
This research shows that voting machines must be secure even against attacks that were not yet invented when the machines were designed and sold. Preventing not-yet-discovered attacks requires an extraordinary level of security engineering, or the use of safeguards such as voter-verified paper ballots, according to the research team.
What's the most secure system for voting, in the opinion of these CS researchers? Not computers, but paper ballets combined with optical scanning.