The US election results are now just hours away and with voters using both paper and electronic voting methods some are wondering just how secure the electronic voting process really is.
Last months there were fears that Russia’s involvement in the election could stretch as far as directly affecting the voting process.
To help understand the feasibility of trying to hack a US Presidential election, we’ve called on some experts to give their view on how feasible it is, and whether or not it could actually make a difference.
Firstly lets look at the realities of directly trying to alter a vote. One of the great advantages that the USA has in this regard is that it is a completely decentralised system, that means that different states will use different e-voting machines. Some, in fact most, won’t even use a machine they’ll still use paper.
While that might sound confusing, it’s actually a positive, a hacker wouldn’t have a hope of launching a single attack that would affect all those different machines/methods.
In addition, the voting machines that are used are non-connected, which means that while they are digital, they’re not connected to a single network, forcing a potential hacker to have to physically tamper with the machine itself.
Article continues below...
While that’s difficult, it’s not impossible explains Paula Barrett, international head of Eversheds’ privacy and information law group.
“The Sequoia AVC Edge MK (voting machine) which will apparently be deployed in at least three swing states, can be hacked through altering (“reflashing”) the PCMCIA storage card in the voting machine.” explains Barrett.
“Voters get physical proximity to the machines, so there is opportunity in theory but in the real world there are anti-tampering devices and seals in place to stop some of this happening.”
“The chips on the voting cards could also be targeted and the surprising lack of encryption on the hard drives of some machines also leave them vulnerable to penetration.”
While having to tamper with each individual machine would make this a very time-intensive task Barrett warns that it’s the ripple effect on confidence in the technology that would do the most damage.
What security researchers fear the most however isn’t the vote tampering itself, but attacks on the websites and services which help you to vote.
F-Secure Security Advisor Sean Sullivan explains further saying, “The stuff we’ve found can be used to, say, interfere with get out and vote type initiatives run by parties. That certainly qualifies as a form of interference.”
“There’s also ways for hackers to try and discredit the results. Stuff like that is what should be expected, certainly more so than having someone change votes from one candidate to another,” said Sean.
Explaining further Sullivan points out that: “AP’s system could be a critical point of failure on election night. A threat actor couldn’t actually change the vote, but the results could definitely be undermined.”
“A DDoS [Distributed Denial of Service] attack on the AP’s election night system could result in a delayed tally. And in the current political environment, delayed results will spread suspicions of voter fraud.”
Should we be worried? While experts like Sullivan believe that current electronic voting technology needs to improve quickly, he agrees that it would currently be impossible to ‘hack’ the entire US Presidential election.
For now though he just has this word of warning: “Smartcard technologies are available in several European countries for online identity authentication,” Sullivan said.
“They aren’t widely used. If a country such as the United States were to get serious about rolling out such tech, it would be a game changer.”