logo

This 11 Year Old Hacked A Voting Machine in 10 Minutes

image
Created: 14 August, 2018
Updated: 21 November, 2022
3 min read

At DefCon, a hacker conference in Las Vegas, savvy computer programmers as young as 8 participated in a contest organized by R00tz Asylum, a non-profit organisation that promotes white hat hacking to improve cybersecurity.

Of the thirty-nine participants aged 8 - 17, thirty-five were able to exploit vulnerabilities in an exact replica of the state of Florida's voting machines, as well as replicas of the election websites of 13 battleground states.

Eleven-year-old Aubrey Jones was the first participant to break through the trivial security measures of the voting software interface, and into the underlying code that tallies votes for U.S. election candidates. She did it in 10 minutes.

Jones told BBC reporter Dave Lee, "The bugs in the code makes us to do whatever we want. We call somebody our own name if we want to, make it look like we won the election!"

Another conference goer, Bianca Lewis, aged 11, told him, "“I’m going to try and change the votes for Donald Trump. I’m going to try to give him less votes. Maybe even delete him off of the whole thing."

The National Association of Secretaries of State disagrees that the hacking contest demonstrates the vulnerability of actual voting machines, stating in a press release:

"While we applaud the goal of DEFCON attendees to find and report vulnerabilities in election systems it is important to point out states have been hard at work with their own information technology teams...Our main concern with the approach taken by DEFCON is that it utilizes a pseudo environment which in no way replicates state election systems, networks or physical security. Providing conference attendees with unlimited physical access to voting machines, most of which are no longer in use, does not replicate accurate physical and cyber protections established by state and local governments before and on Election Day."

The NASS also wanted to clarify that part of the hacking contest only affected state websites' reporting of vote totals to the public, not actual vote counts:

"While it is undeniable websites are vulnerable to hackers, election night reporting websites are only used to publish preliminary, unofficial results for the public and the media. The sites are not connected to vote counting equipment and could never change actual election results."

Still such a hack could cause enormous confusion and public unrest, especially in a close election with emotions running high, fueling conspiracy theories and damaging public trust in the integrity and legitimacy of the election results.

And also, as Vox reports, "DEF CON participants discovered that voting systems running on expired SSL certificates, encryption keys that are intended to create secure connections, were the most vulnerable and easily hackable," and alarmingly that:

"The participants also discovered more vulnerabilities in the system where citizens directly cast their votes. The kids were able to wipe the memory cards from a recreation of state voting machine interfaces (within five seconds) and either replace a voter’s ballot altogether or overload the system with fake voters to render a real voter’s ballot useless."

The fact that amateur child hackers were able to break into these voter software systems in minutes is also unsettling for the integrity of U.S. elections. What could a professional software programmer with seasoned hacking skills do to a U.S. election result, if motivated by a strong political ideology, or as a mercenary for hire by special interests with a lot of money at stake, or even the desire to disrupt an election just to create a chaotic spectacle?

IVP Existence Banner

That's why many voting security advocates want to see U.S. election systems give up the touch screen electronic voting machines, and go back to using paper ballots tallied by simple electronic scanning machines. Should an election result be questionable, or have a razor thin margin (as the notorious 2000 Florida presidential vote), officials can refer to the paper ballots and recount them by hand.

Voting security activist, Marilyn Marks, recently told Bloomberg that paper ballots is the way to go instead of fancy, expensive voting machines pushed by lobbyists for state election vendor profits, pointing out that, "The Department of Homeland Security has said it. Every cyber expert says it."

Latest articles

votes
Wyoming Purges Nearly 30% of Its Voters from Registration Rolls
It is not uncommon for a state to clean out its voter rolls every couple of years -- especially to r...
27 March, 2024
-
1 min read
ballot box
The Next Big Win in Better Election Reform Could Come Where Voters Least Expect
Idaho isn't a state that gets much attention when people talk about politics in the US. However, this could change in 2024 if Idahoans for Open Primaries and their allies are successful with their proposed initiative....
21 March, 2024
-
3 min read
Courts
Why Do We Accept Partisanship in Judicial Elections?
The AP headline reads, "Ohio primary: Open seat on state supreme court could flip partisan control." This immediately should raise a red flag for voters, and not because of who may benefit but over a question too often ignored....
19 March, 2024
-
9 min read
Nick Troiano
Virtual Discussion: The Primary Solution with Unite America's Nick Troiano
In the latest virtual discussion from Open Primaries, the group's president, John Opdycke, sat down ...
19 March, 2024
-
1 min read
Sinema
Sinema's Exit Could Be Bad News for Democrats -- Here's Why
To many, the 2024 presidential primary has been like the movie Titanic - overly long and ending in a disaster we all saw coming from the start. After months of campaigning and five televised primary debates, Americans are now faced with a rematch between two candidates polling shows a majority of them didn’t want....
19 March, 2024
-
7 min read