Indian electronic voting machines (EVMs) are vulnerable to fraud, researchers said this week, and advocated that a paper trail should be maintained to verify the results of balloting.
The researchers have also released a video where they have demonstrated attacks on an EVM after tinkering with its internal electronics.
They got access to a working EVM, that was already used in an election, through an anonymous source, Hari Prasad, one of the researchers said on Friday. Prasad is managing director of Netindia, a Hyderabad-based technology firm
One attack involved replacing the display board of the machine with a look-alike component that can be instructed to steal a percentage of the votes in favor of a chosen candidate.
The new display board adds a microcontroller that replaces the election results with fraudulent ones as they are displayed, and a Bluetooth radio module that allows the attacker to wirelessly signal through his mobile phone which candidate should receive the stolen votes, the researchers said.
Though the use of mobile phones is prohibited within 100 meters of polling stations, this rule is infrequently enforced, the researchers added.
In another attack on the test EVM, the researchers used a pocket-sized device, attached to the memory chips, to change the votes stored in the EVM between the election and the public vote counting, which in India can be weeks later.
Storage rooms where EVMs are kept between elections are insecure, and criminals can bribe an official and get access to the machines, Prasad said.
Officials at the Election Commission of India were not immediately available for comment. Prasad said the researchers have offered to demonstrate the attacks to the Election Commission.
India uses EVMs of the Direct Recording Electronic (DRE) variety, which record votes only to internal memory and do not provide paper records for later inspection or recount.
The researchers have also raised concerns that criminals and people intending to rig elections can tamper with components. The EVMs are designed so that the firmware is stored in masked read-only memory in the microcontroller, and there is no provision for reading it out or verifying its integrity.
If the software was modified before it was burned into the CPUs, the changes will be very difficult to detect, the researchers said.
The chips are made in the U.S. and Japan, and nobody in India knows for sure what software is in the machines, or whether they count votes accurately, they added.
The researchers have recommended a voter-verified paper audit trail (VVPAT), which combines an electronic record, stored in a DRE machine, with a paper vote record that can be audited by hand. Existing EVMs do not have upgradeable software, but a VVPAT can be added on the cable between the control unit and the ballot unit, they said.
The researchers recommend precinct-count optical scan (PCOS) voting as an alternative. In this model, voters fill out paper ballots that are scanned by a voting machine at the polling station before being placed in a ballot box. Attacking either of these systems would require tampering with both the paper records and the electronic records, according to the researchers.