Why spend millions of dollars campaigning when you can hack an election for less than 100 grand?
That’s a question raised by university researchers who recently bought a Sequoia AVC Advantage voting machine and then used a new hacking technique to circumvent its security.
Although they’ve been hacked before, Sequoia’s AVC machines are considered a pretty tough target because they have a special memory-protection mechanism that allows them to only run software they’re hardwired to execute in the machine’s ROM (read-only memory).
But using a new hacking technique, called a return-oriented programming attack, researchers were able to trick the machine into changing the results of an election, according to Alex Halderman, one of the university researchers behind the work. Halderman is with the University of Michigan, but researchers from the University of California, San Diego and Princeton University were also involved in the project. They presented their results at the Usenix 2009 Electronic Voting Workshop, held in Montreal this week.
The researchers tested their results on a machine purchased from a government auction site after Buncombe County, North Carolina, stopped using the voting machines in 2007.
The hack wasn’t easy — Halderman estimates that it took about 16 man-months of work to pull it off — but at university salaries that would still be cheaper than most U.S. election campaigns, he said. “The cost of that time was less than $100,000,” he said.
The work was done without access to source code or any documentation beyond what is available on Sequoia’s Web site.
To pull off the attack, the researchers installed a homemade microcontroller that plugged into the port designed for the vote results cartridge and sent bogus results to the voting machine using this return-oriented programming technique. “You can use snippets of the existing program to form a whole new instruction set,” Halderman said.
The AVC Advantage 5.0 machine they tested was between 10 and 15 years old, but this type of machine is still used in Louisiana and New Jersey (where e-voting critics have sued to remove it from active use).
Researchers have previously disclosed other ways to hack the systems, including tampering with the machine’s firmware by replacing one ROM chip with another.
E-voting machine makers argue that these attacks would be difficult to pull off in real-world situations because someone would need to physically tamper with the voting machine. Researchers say they can pull off their attacks in a matter of minutes.
Sequoia did not reply to a request for comment about the hack.