In late 2018, six researchers published a DEF CON report that detailed a range of critical security vulnerabilities affecting voting equipment and related computer systems. These include supply chain insecurity, proven susceptibility to remote attacks, machines that can be hacked faster than an actual vote and perpetually unpatched vulnerabilities. Let’s take a closer look at these shortcomings and vulnerabilities below.
Supply Chain Insecurity, Remote Attacks & Unpatched Hacks
According to the DEF CON report, the global voting machine parts supply chain lacks consistent security procedures capable of verifying whether components are trustworthy or pre-hacked before a machine is assembled. In practical terms, this means compromised chips could allow an attacker to remotely hack entire classes of machines across the United States.
In addition, the report confirms that voting machines are not effectively air gapped from the internet and can be remotely hacked. Moreover, machines in at least 15 states can be physically hacked with a pen in two minutes. This means an attacker could potentially compromise a machine while ‘voting’ in a polling place on Election Day. Perhaps most disturbingly, voting machine security flaws frequently go unpatched and unfixed by manufacturers.
Senators Demand Answers from Election Equipment Manufacturers
The real-world risks of deploying voting machines plagued by unpatched security vulnerabilities recently raised the ire of four senior senators who questioned election equipment makers as to why they continued to sell the decades-old machines.
“The integrity of our elections remains under serious threat. Our nation’s intelligence agencies continue to raise the alarm that foreign adversaries are actively trying to undermine our system of democracy, and will target the 2020 elections as they did the 2016 and 2018 elections,” the senators wrote in an official letter sent to the election equipment manufacturers. “The integrity of our elections is directly tied to the machines we vote on – the products that you make. Despite shouldering such a massive responsibility, there has been a lack of meaningful innovation in the election vendor industry and our democracy is paying the price.”
Secure Hardware & A Secure Vote: An Industry Mandate
Helena Handschuh, Rambus Fellow and Chair of the RISC-V Foundation’s security standing committee, recently penned an article for the EE Times about the importance making secure hardware an industry mandate. All too often, says Handschuh, companies take shortcuts in design assurance and secure design, trying to meet certain performance, area, speed and cost requirements.
“[However], without secure hardware, design flaws will continue to be discovered and exploited, risking serious data breaches and other serious consequences,” she explains. “It’s time for the industry to move away from the principle of security by obscurity and embrace open architectures like RISC-V which enable anyone to inspect and analyze the instruction set architecture (ISA) to assess its security.”
According to Handschuh, RISC-V Foundation member Galois is a company that actively participates in DARPA’s System Security Integration Through Hardware and Firmware (SSITH) program, developing tools and techniques for quantitatively measuring and reasoning for system security, particularly for hardware. As part of this program, Galois is developing baseline processors from which security improvements will be measured.
“DARPA [also] recently announced that Galois will be developing a voting system as the demonstration vehicle for this secure system, built with fully open source hardware and software,” she writes. “While the voting system is not intended for production, it serves as an important demonstration of how DARPA technology can be used for a critical infrastructure system.”
The voting system, says Handschuh, will be built on open source RISC-V CPUs and incorporate auditable software components, enabling the public to review both the software and the hardware since the RISC-V ISA is public and standardized.
“The purpose of this system is to spur continued research and innovation to develop more secure hardware and software solutions for the benefit of everyone,” she adds. “The voting system will be publicly ‘red teamed’ in the voting village at DEF CON 2019 and DEF CON 2020 so attendees can examine it and conduct penetration tests to gauge its security. The demonstration will include both an end-to-end verifiable and a traditional non-verifiable voting system.”
In 2019, says Handschuh there will be a smart ballot box on SSITH hardware, while the 2020 event will feature all components on SSITH hardware, including both the ballot marking device and optical scan systems. Meanwhile, a scaled down, low cost version of the system will be made available via Crowd Supply so anyone can buy it, experiment with it and use it to run even informal elections such as for school clubs or sports teams. University teams also will be participating in the program to enhance their own security research efforts.
“The future of security is in the hands of developers. We strongly encourage everyone to get involved and work together to tackle the dynamic security demands of this new era of innovation,” Handschuh concludes.