If you're worried about hackers breaching digital voting machines during the 2020 U.S. Presidential election, you aren't as paranoid as some people may want you to think. New research from a group of ethical hackers shows how easy it was for them to get into voting machines.
100 systems tested were hackable
This summer during the Def Con cybersecurity conference, ethical hackers attempted to break into a number of voting systems, 100 to be exact, during the group's Voting Village event. They were able to infiltrate every system and headed to Washington D.C. this week to spread the word on just how easy it is.
"Once again Voting Village participants were able to find new ways, or replicate previously published method, of compromising every one of the devices in the room in ways that could alter stored vote tallies, change ballots displayed to voters, or alter the internal software that controls the machines," the group wrote in its research report. "In many cases, the DEF CON participants tested equipment they had no prior knowledge of or experience with and worked with any tools they could find in a challenging setting with far fewer resources than a professional lab would typically have."
“Immediate root access to the devices was available simply by hitting the Windows key”— DEF CON (@defcon) September 27, 2019
The @VotingVillageDC has released its findings from #DEFCON27!
Read the full report: https://t.co/xc5wZz4FDT
Discuss the report on the #DEFCONForums: https://t.co/He5IBOe0P0 pic.twitter.com/g4cAxixExz
Group says results are disturbing but not surprising
According to the group, weak default passwords and lackluster encryption enable them to get in. They warned that as it stands, anyone with access to the machines would be able to hack them. If poll workers make mistakes to safeguard the machines, remote hackers will also be able to get into the voting machines.
"As disturbing as this outcome is, we note that it is at this point and unsurprising result," DEF CON wrote. "However it is notable and especially disappointing that many of the specif vulnerabilities reported over a decade earlier are still present in these systems today."