The following proof of concept video demonstrates the techniques Cylance researchers used to compromise a Sequoia AVC Edge Mk1 voting machine.
The video shows how easy it is for a third party to reflash the firmware with a PCMCIA card, and directly manipulate the voting tallies in memory.
Additionally, the video demonstrates how vote tallies can be manipulated on both the Public Counter and the Protective Counter, which was designed to act as a redundant verification system to ensure results are valid.
Similar methods of exploitation have been proposed on a theoretical basis by other researchers, such as those in the 2007 paper ‘Source Code Review of the Sequoia Voting System’ (PDF), and then later discussed in the Politico article ‘How to Hack an Election in 7 Minutes’, but Cylance is the first to demonstrate an exploit in a real-world scenario.
What Can be Done to Mitigate These Risks?
In the short term, for the upcoming 2016 election, Cylance recommends:
• Increased supervision/ monitoring of physical access to electronic voting machines, especially as it pertains to any interfaces or ports except for the Voter Activation Card slot (typically found on the front)
• Frequent verification of hardware or software errors, such as those displayed on operator screens (e.g.: the LCD on the back of a Sequoia voting machine)
• Monitoring and verification of tamper-proof and/or tamper-evident seals (typically used to prevent or at least indicate tampering) surrounding the devices, ports, latches, etc.
In the long term, phasing out and replacing deprecated, insecure machines – namely those without robust, hardware-based firmware and data verification mechanisms is recommended. Also, additional due diligence of polling place volunteers, workers, and officers may help mitigate possible collusion for tampering by these groups.