Computer scientists from the University of California, San Diego (UCSD), the University of Michigan, and Princeton University have demonstrated that a Sequoia electronic-voting machine could be hacked, and votes stolen, using a programming technique that had not yet been invented when the machine was designed.
The researchers used return-oriented programming to force a Sequoia AVC Advantage electronic-voting machine to turn against itself and steal votes.
"Voting machines must remain secure throughout their entire service lifetime, and this study demonstrates how a relatively new programming technique can be used to take control of a voting machine that was designed to resist takeover, but that did not anticipate this new kind of malicious programming," says UCSD professor Hovav Shacham.
In 2007, Shacham first described return-oriented programming, a systems security exploit that generates malicious behavior by combining short pieces of benign code already present in the system. The researchers had no access to the voting machine's source code or any other proprietary information when designing the attack.
Previous voting-machine security research efforts have been criticized as having unrealistic access to the voting-machine system, but for this study the researchers had access only to information that would be available to anyone who bought or stole a voting machine.
"With this work," says Michigan professor J. Alex Halderman, "we hope to encourage further public dialogue regarding what voting technologies can best ensure secure elections and what stopgap measures should be adopted if less-than-optimal systems are still in use."
From University of California, San Diego
View Full Article
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA
No entries found