UCSB researchers find serious vulnerabilities in California voting machines
Wednesday, September 19th, 2007Richard Kemmerer and Giovanni Vigna, two researchers of the UCSB Department of Computer Science, have found that several electronic voting machines have serious security vulnerabilities.
The UCSB team tested one of the three major brands of electronic voting machines, which are used in 48 of California’s 52 counties. Of the other two brands, one also was banned and the other was allowed to remain in use with tight security precautions. After about five weeks of working with the machines, the UCSB researchers found the Sequoia systems vulnerable both physically and electronically.
Their report to the secretary of state covered just about every imaginable way to skew an election, from sneaking in a stack of phony voting cards to infecting the electronic voting systems with malware. The team could only share broad outlines of their attacks – many of the details are still being kept secret by the state government.
Kemmerer said writing the malware to infect the system would take a highly skilled computer scientist, but starting the hacks would take very little training. He said the team tampered with the voting system without access to its source code.
“Even with the paper trail that is mandatory in California, you would not be able to tell that someone had modified the election. These machines were very vulnerable. This is a great victory for the public.†said Giovanni Vigna.
(Source: Pacific Coast Business Times - August 16th 2007)
The UCSB Office of Technology & Industry Alliances is currently marketing an anomaly detection technique developed by Richard Kemmerer and Giovanni Vigna that automatically translates suspicious web requests into anomaly signatures. For more information about this invention, please contact Franco Caporale at 805-893-2073 or caporale@research.ucsb.edu.