Electronic voting machines used for US elections between 2002 and 2014 would have been extremely easy to hack, according to reports.
The AVS WinVote machines were used during three presidential campaigns in the state of Virginia and would receive an “F-minus” for security, with many using “abcde” or “admin” as passwords.
Jeremy Epstein, of non-profit organisation SRI International, who served on the Virginia state legislative commission and has been investigating the machines for some time, is relieved that they have now been decertified.
“The vulnerabilities were so severe, and so trivial to exploit, that anyone with even a modicum of training could have succeeded,” he explained. “They didn’t need to be in the polling place – within a few hundred feet (e.g., in the parking lot) is easy, and within a half mile with a rudimentary antenna built using a Pringles can. Further, there are no logs or other records that would indicate if such a thing ever happened, so if an election was hacked any time in the past, we will never know.”
In an interview with the Guardian, Epstein also explained that his conversations with Brit Williams, the original certifier of the voting machines, had been equally concerning.
“I said, ‘How did you do a penetration test?’ and he said, ‘I don’t know how to do something like that’.”
The Virginia Technology Agency today published a report condemning the WinVote machines, which have also been used for elections in Mississippi and Pennsylvania. It found that the machines ran a version of the Windows operating system that had not been updated since 2004, leaving them susceptible to relatively simple malware and hacking attempts.
The news comes at a time when the UK is preparing for its own vote, with the general election scheduled for next month. Although electronic voting, or e-voting will not be available this year, it is reported to be in place for the 2020 election.