RowHammer of The Gods - A Whistlestop Tour of Election Security

After the utter dumpster fire of an election that occurred in 2016, and the 2 year+ investigation into election meddling, propaganda work through troll farms across all forms of social media and multiple high-profile data breaches that followed – trust in Western democracy is not at its highest, it is safe to say.

The rising scrutiny on election security has brought to light some (frankly terrifying) things we might not have known before on how vulnerable our election processes both sides of the Pond are.

This article is going to be looking at how electronic voting works both sides of the Atlantic – voting machines, e-mail ballots etc. – and how they might not be as secure as you might like.

State of The Union (Jack) - The UK Electoral System and Electronic Voting

In keeping with out general love of keeping pointless, outdated things going because of “tradition” - somehow we still have zero method of voting online, or even electronically.

You can register to vote online, sure – but you still have to go through the process of working out exact GPS co-ordinate in the arse end of the city/town you live in is your polling station, take time out of your day and go hand in a piece of paper, with your choice marked by pencil. PENCIL.

You then hand the little card with your “X” on it to one of three or four people who just seem glad to be warm and inside, rather than wanting to be there in the first place and boom!

You have gotten your democracy on for another 18 months (judging by the rate of general elections these days).

Quite why we’re still doing one of the most important civic duties a UK citizen has - voting in an election – like we’re still in a Dickens novel, I have no idea.

I’m sure there are reasons – both legitimate and less so – but as it stands, the only electronic component that voters themselves were able to use as of the recent 2019 general election was registering to vote online.

It was hoped that making the process of registering easier, turnout would increase – which it has, though 2019’s turnout was down from 68.7% in 2017 to 67.23%.

Multiple groups and individuals have called for online voting to be implemented over the last decade or so, but all have met fierce resistance from lawmakers and government, due to concerns about fraud and election security.

May I refer the learned scholar to my earlier statement that we use f***ing PENCIL at the moment? We are aware its arch-nemesis – the eraser – exists still, right?

We will have to see how things go in the future, to see if we ever do implement e-voting.

Time to see how our friends over in the US handle electronic voting and voting security in general!

How To Break Machines And Influence People - The US Electoral System

Well, as we can all likely agree, US elections are fairly staid, uptight and dignified affairs.

Calm, non-partisan exchanges of ideas happen and nothing much of account occurs – the media barely even mention them.

Nope. Couldn’t keep a straight face either.

The 2016 election really brought a LOT of extra scrutiny on the actual process of casting votes, counting them and the voter registration process – as well as on the process of campaigning.

But for the first time in recent memory, there was an unprecedented level of ire and scrutiny placed on the voting machines themselves.

The 2018 midterms brought election and voter security back to the fore, with events in Georgia bringing issues like voter suppression and how the security of the machines used contributed to what certainly felt like a somewhat unfair gubernatorial election to Georgian voters, based on public outcry.

We can only speculate over what might come up during what will surely be an eventful election cycle in 2020.

How come these machines are getting all this flak? Let’s take a look and find out!

What Machines Are In Use and How Do They Work?

According to ProCon.org, the majority of voting machines in use in the US electoral process are manufactured by one of four companies:

• Premier/Diebold Accuvote TS

• Election Systems and Software (ES & S) iVotronic

• Hart InterCivic eState

• Sequoia AVC Edge

They all mostly operate in a roughly similar manner – electronically recording and tabulating votes to make the eventual counting and announcement of results easier.

Most operate by touchscreen (the voter in question pressing buttons on the touchscreen to indicate the choice made) or through the use of a “selection wheel” - kind of like the click wheel on an iPod Classic.

God, I miss those.

Some of those machines require an access card of some description to make sure only authorised and registered voters can operate the machine. Some use an electronic ballot or access code to perform access control.

These electronic votes, once made are recorded and tabulated, and then stored in the internal storage of the given machine.

Depending on the machine, a paper trail audit process may be in place – the Accuvote for example, prints out a receipt to give to a poll worker to also produce a physical record of voting activity.

If you’re interested in what machines are in use where, and want to know in-depth how they all work (the instruction manuals are there too!) , you can find a detailed breakdown here.

What Weaknesses Are There In These Machines?

Remember, these machines and the results they tabulate help decide who gets to be PRESIDENT and in charge of the largest and most advanced military in human history. This is really, really important to get right.

Unfortunately, it wouldn’t be cybersecurity if it wasn’t also f**ing terrifying – so let’s get into some of the ways hackers and cybersecurity professionals have found gaping holes in voting machine security.

Outdated Operating Systems Running On Machines

First on the list on today’s episode of “Holy f**k, we’re screwed” is the fact that the Associated Press reports that the “vast majority” of the 10,000 election jurisdictions that make up the election process are running on Windows 7 or earlier.

You know, the one that just ran out of end-of-life support on the 14th January 2020, meaning any further security vulnerabilities will be unpatched and completely exploitable ?

That Windows 7, yeah!

But WAIT, THERE’S MORE – it has also been reported that in addition to widespread use of Windows 7, during the 2018 elections, voting machines in Georgia ran Windows 2000. Microsoft hasn’t supported that since 2010.

AP also reported that until 2015, Virginia used WiFi-connected voting machines last updated in 2005 and had an administrator password of “abcde”.

Can you hear the sounds of CISOs crying, or is it just me?

Windows 7 has a host of well-known security vulnerabilities – it’s a favoured practice ground for hackers starting out their security careers. EternalBlue and the rest of the Eternal exploit suite, anyone?

The fact that these critical machines are running on this at best, is a real cause for concern – the operating systems used on these machines are the ones used as PRACTICE for beginner hackers. What do you think advanced, well-funded, state-sponsored cyberattackers are gonna do?

Voter Registration Systems and Databases Prone To Hacking

An AmericanProgress.org article in 2017 details that in 2016, hackers breached voter registration databases in Illnois, compromising up to 90,000 people’s personal data – names, addresses and party affiliations.

In 2015, a researcher named Chris Vickery uncovered a database just sitting on the Web with 191 million US voter registration records on them. 300GB of massively sensitive personal data with what looked like every registered US voter on them, just there for the taking.

You see, it’s not just the machines themselves that have valuable data to protect from malicious actors. Where does all the data of people authorised to vote get sent? Where is it stored? How secure is the hosting network?

The rate of large scale breaches in the last couple of years should tell you everything you need to know about the level of confidence you should have in the storage of data from something running on Windows 7 or earlier.

Maybe the machines that are used to actually do the voting are air-gapped from the actual Internet ( though sometimes even that is up for debate!), leaving a potential argument for some security being in place – but the same cannot be said for the equally sensitive stores of data of people registered to vote.

They absolutely ARE connected to the Internet in places – as can be seen from previous breaches.

These are the crucial lists used to tally those electronic votes and check that they’re valid.

You can check a voter’s name and information against them, to make sure there isn’t just someone typing in name after name to swing an election their way.

Or if altered, legitimate American voters could face being turned away at the polls on Election Day.

Destroy confidence in the integrity and security of these databases, and confidence in the whole process starts to erode with it.

At least, if all else goes to hell in a handbasket – we’ve got paper records to rely on, right?

Right?

Lack of Verified Paper Ballots/Records

According to a Scientific American piece and multiple other pieces of research, around 79% of votes cast across the US are recorded on a piece of paper.

That leaves 21% of all cast votes with no paper trail whatsoever to track and audit them.

No paper trail, no audit.

No audit, no way to know if your results have been messed with at all.

If someone has managed to break a voting machine and enter hundreds of fake votes – how would you know they were fraudulent without a paper trail to check against?

Just print out the electronic votes?

That only works if the attack didn’t target those records - you’ll get the same result as the machine has, whether it’s true or not.

14 states, as of the 2018 midterms, have gaps where ballots have no paper records, and Georgia was entirely paperless, using all electronic machines to conduct its election.

Stop! Rowhammer Time! - Machine Specific Attacks

The cybersecurity company Cylance released a proof-of-concept video where their researchers managed to compromise a Sequoia AVC Edge MK1 voting machine. That was one of the companies in our list of widely-used machines, earlier.

They used a PCMIA card (plug-and-play devices that were/are used to provide extra functionality to notebook/laptop computers) to easily reflash the firmware with a compromised version.

They were more than able to directly manipulate voting tallies in memory.

They managed this on both the Public Counter (usual one used) and the Protective Counter (the backup, redundant verification vote tally) – used to make sure the results counted on these machines used across the country are valid.

Several American researchers performed a source code review of this Sequoia voting system confirming the vulnerability.

The Rowhammer vulnerability is another voting machine vulnerability worth looking at.

Google’s Project Zero team demonstrated in 2015 how to hack Intel-compatible computers by exploiting physical weaknesses in certain DDR DRAM chips (working computer memory for devices).

They took advantage of a condition where repeatedly accessing the same row of memory (computer memory is organised in rows and columns in DDR memory) can cause certain bits to flip in other rows next to them.

In practice, this allows someone with a normal user-level session can escalate their privileges and get a full read-write session on the vulnerable system. That essentially means full freedom of movement and action on the target system.

Why should you care?

Well, some voting machines have this vulnerable memory inside them, as they are computers after all. Also, the Rowhammer exploit has been ported to Android , mobile and many other forms – and is absolutely being used for exploitation out in the wild.

If you’re interested in how the Rowhammer exploit works, this piece on the InfoSec Institute has an excellent summary.

Let’s end on a high note though, shall we?

The Future of Voting Technology – A New Hope?

It’s not all doom and gloom though, there are green shoots of positive developments in the election security space happening right now and on the horizon.

Virginia in 2017 directed counties across the state to ditch touchscreen voting machines before the midterm elections in 2018 – in a giant leap forward for election security. These were to be replaced with machines that output a paper trail and thus allow for a verifiable audit to take place after the election.

These machines will thus be in use for what is sure to be a contentious 2020 election race, and is a good start for the eventual transformation of the US electoral process.

Those going to “hacker summer camp” or DefCon the last few years will have noticed the Voting Village becoming more and more popular year-on-year.

This is where the world’s most enterprising hackers have free rein to pull apart and probe in-service voting equipment and technology to find out where the holes are.

The US government’s mad science wing, DARPA, is hoping to start an open-source revolution in voting technology in an effort to make hack-proof voting a reality.

The Oregon-based firm Galois and DARPA are working on a completely secure voting machine where none of the parts within it are sourced from third party-suppliers and the protocols powering it are open-source – and thus available for the world’s hackers, researchers and penetration testers to comb through and fix!

Pedants and tinkerers of the world, united under one banner!

Their ambitions are to create not just hack-proof voting, but a model system for secure hardware – which can be used for all sorts of sensitive applications where cybersecurity has historically been an issue.

At the 2020 DefCon Voting Village, DARPA will be bringing a more complete version of the system currently being designed.

Hackers can still probe the secure hardware infrastructure (currently virtualised) for complicated attacks like speculative execution and Rowhammer down to more common Buffer Overflows (send data into a given input of a program until it falls over, then get it to do what you want afterwards).

It’s a real promising development that could help secure a wide range of Internet of Things systems if adopted, as well as securing electronic voting to the point it may become more widely adopted.