DEF CON Rocks the Vote with Live Machine Hacking

Published: 22/11/2024   Category: security



Jeff Moss, founder of the hacker conference, is planning to host a full-blown election and voting system for hacking in 2018 at DEF CON, complete with a simulated presidential race.



DEF CON 25 – Las Vegas – It took just 90 minutes before hackers here today rooted out two zero-day vulnerabilities in a pair of decommissioned voting systems stationed in the hacker conference's first-ever Voting Machine Hacker Village.
DEF CON founder Jeff Moss, aka Dark Tangent, says he and his team recently purchased the used voting machines on eBay for hackers here to hammer away at and find flaws that ultimately get reported to the vendors of the machines. There were 30 pieces of voting equipment in the room, including Sequoia AVC Edge, ES&S iVotronic, Diebold TSX, WinVote, and Diebold Expresspoll 4000 voting machines.
The first two hacks this morning are expected to be the tip of the iceberg: these systems are well-known to be rife with outdated software such as Windows CE, and plenty of ports for hardware exposure, including PCMCIA, serial ports, and even a WEP-based WiFi feature - all of which are ripe for abuse. As of this posting, another hacker had cracked the hardware and firmware of the Diebold TSX voting machine. 
In the first two discoveries of the day, a hacker found a remote access flaw in the WinVote voting machine's operating system, and exposed real election data that was still stored there. Another hacker cracked the Express-Pollbook system, exposing the internal data structure via a known OpenSSL flaw, CVE-2011-4109, allowing remote attacks.
"What this tells me is hackers in less than two hours can figure something out and a nation-state could have this on their hands for months or years," Moss said in an interview here today. "It doesn't have to be nation-states. It could be criminal organizations; it doesn't have to be limited to Russia."
Moss said for DEF CON next year, he's planning an actual election voting simulation at the hacker conference: DEF CON will hold a mock election, possibly with Moss running for president against another as-yet unnamed opponent. Hackers will have their crack at the systems.
"There's never been a security test of a complete voting system … We're trying to build a whole system, but it's hard to get the back-end pieces," he said. "I have confidence by next year we will have a complete end to end voting system set up. We'll have fake elections and people can attack it and at the end of the con, we'll share the results," he said.
While the Voting Village concept evolved out of concerns raised by Russia's tampering with the 2016 US election, it also came amid a backdrop of a cybersecurity industry that's experiencing some soul-searching, and growing pains. Alex Stamos, CISO of Facebook, during the keynote address earlier this week at Black Hat USA urged attendees to channel energy into innovative defensive solutions, rather than just breaking things.
Facebook also upped the ante for its Internet Defense Prize program, to $1 million to encourage more hackers to come up with unique defense solutions for Internet users.
Meanwhile, DEF CON is now 25 years old, a milestone that had Moss reflecting on what comes next for the world's largest hacker conference and the hacking community. "The days of the lone hacker being able to do it all is pretty much [over]. It's much more social, is one of my messages this year," Moss said. "Since you can't know it all, and it's more important about who you know, and they know the stuff you don't know and can help you."
It's a bit of a throwback to the pre-Google search days, when hackers sought out mentors and other hackers to assist their research and inform their work, he noted. Mentorship is key to this next phase of security innovation, he said.
That doesn't mean offense is dead. "There's a big place for breaking because offense always informs the defense. If you love breaking just keep breaking. You have to recognize that you're operating in a bigger context now," Moss went on to say, noting: "Hacking is not going to slow down. If anything, it's going to become more relevant. We try to stay true to our identity as best we can. It can never be the way it was 20 years ago, but I think we're making the change … the world has moved on and we're moving along with it."