Indian voting machines open to electoral fraud

Researchers have warned that the voting machines used by India's 700 million electors are vulnerable to tampering that could affect the safety and security of the country's elections.

Electronic Voting Machines or EVMs have been in widespread use in Indian elections since the early 1980s. Most are of a type known as 'direct-recording electronic' machines, which have been used in California, Florida, Ireland, the Netherlands and Germany, but abandoned amid security concerns.

India's devices are manufactured according to top-secret specifications by two government-owned companies, ECIL and BEL, who also export EVMs to countries including Nepal, Bhutan and Bangladesh. A number of other countries including South Africa are believed to be considering similar systems.

Indian authorities claim that the simplicity of the machines' design ensures high levels of security - but a team of academics from the University of Michigan, working with experts from IT security firm Netindia, claim the devices are vulnerable to at least two serious types of interference.

In a paper entitled 'Security Analysis of India's Electronic Voting Machines', to be presented at the Conference on Computer and Communications Security beginning today in Chicago, researchers outline a number of security vulnerabilities affecting the machines, and demonstrate two scams that they say could be carried out by fraudsters with only brief access to the devices.

The first involves simply replacing the machine's LED digital display read-out with a fraudulent one that uses a Bluetooth controller, enabling fraudsters to remotely alter totals in favour of one candidate or another using a mobile phone.

The second attack requires only the briefest access to a device, and uses a 'clip-on memory manipulator' to interfere with the programmable EPROM chip used to store voting numbers, enabling fraudsters to stuff the device with bogus votes.

The authors note that counting in Indian elections sometimes occurs as long as weeks after the actually vote, giving fraudsters ample time to access EVMs while they are in storage.

"There are nearly 1.4 million EVMs in use throughout the country, and criminals would only need access to one of them to develop working attacks," the paper claims.

"Dishonest insiders or other criminals would likely face less difficulty than we did in obtaining such access. There are many other possibilities for manipulating Indian EVMs, both with and without the involvement of dishonest election insiders."

Authorities in India have so far dismissed attempts to discredit EVMs, with one of the authors of the paper, whistleblower Hari K Prasad (pictured), being arrested by Mumbai police in August. Prasad was accused of stealing one the device he studied, and has since been released on police bail.

A video of the team's fraudulent EVM modifications can be found here.