07/29/2017: Las Vegas, California, USA: Hackers at the Def Con Hacking Conference hack through an EVM Machine in less than 90 seconds. Since the security of electronic voting machines was in doubt, the hackers decided to probe EVMs. Of course, it’s another story that US regulations on EVMs are lax. The machines were hacked using wireless means. The Register released a report exposing the low levels of security in machines hacked wirelessly.
James Braun originally gave this idea when he doubted the security of US voting systems. He added: “The scary thing is we also know that our foreign adversaries – including Russia, North Korea, Iran – possess the capabilities to hack them too, in the process undermining principles of democracy and threatening our national security.”
Of course, in 2014’s county elections, a WinVote system had poor Wi-Fi security. The MS-03-026 vulnerability in the Windows XP Embedded (which had no security patch since 2004) OS helped infosec academic Carsten Schurmann access the machine from his laptop using RDP. Furthermore, for the 2014 county elections, some systems used Wired Equivalent Privacy, which IEEE deprecated in 2004 for poor security. Also, an OpenSSL bug CVE-2011-4109 helped crack another system.
The US adopted EVMs in the wake of the counting debacle of the 2000 Presidential Election, which George W. Bush Jr. won.
This development on EVM vulnerability is significant to India, where there’s a raging debate over EVM credibility. Similarly in India, opposition parties also called for a probe into EVMs, for which the Election Commission threw a challenge. EVMs came under fire after the 2017 assembly elections, which helped BJP win and form the government in 4 states. Especially in Uttar Pradesh, where BJP won 325 of 403 seats, other parties blamed the EVMs.