Science

DARPA’s $10 million voting machine couldn’t be hacked at Defcon (for the wrong reasons) – CNET

Galois's prototype voting machine wasn't available for hackers to test.

Alfred Ng / CNET

For the majority of Defcon, hackers couldn't crack the $10 million secure voting machine prototypes that DARPA had set up at the Voting Village. But it wasn't because of the machine's security features that the team had been working on for four months. The reason: technical difficulties during the machines' setup.

Eager hackers couldn't find vulnerabilities in the DARPA-funded project during the security conference in Las Vegas because a bug in the machines didn't allow hackers to access their systems over the first two days. (DARPA is the Defense Advanced Research Projects Agency.) Galois brought five machines, and each one had difficulties during the setup, said Joe Kiniry, a principal research scientist at the government contractor.

"They seemed to have had a myriad of different kinds of problems," the Voting Village's co-founder Harri Hursti said. "Unfortunately, when you're pushing the envelope on technology, these kinds of things happen."

It wasn't until the Voting Village opened on Sunday morning that hackers could finally get a chance to look for vulnerabilities on the machine. Kiniry said his team was able to solve the problem on three of them and was working to fix the last two before Defcon ended.

The Voting Village was started in 2017 for hackers to find vulnerabilities on machines that are used in current elections. At the last two Defcons, hackers found vulnerabilities within minutes because the machines were often outdated. The Village shines a necessary light on security flaws for voters as lawmakers seek to pass an election security bill in time for the 2020 presidential election.

Galois won a $10 million award from DARPA in March to create an open-source voting machine that could prevent hackers from tampering with votes. The machine's prototype allows people to vote with a touchscreen, print out their ballot and insert it into the verification machine, which ensures that votes are valid through a security scan.

While the voting process worked, the machines weren't able to connect with external devices, which hackers would need in order to test for vulnerabilities. One machine couldn't connect to any networks, while another had a test suite that didn't run, and a third machine couldn't get online. It had been running on and off throughout Defcon, but Galois was more optimistic about Sunday.

"This is the first day we've had reliability on these machines," Kiniry said.

The late start is a disappointment for Galois because allowing hackers to find vulnerabilities at Defcon was the entire point of bringing the prototypes to the Voting Village.

The team built it after looking at voting machine mistakes over the last two decades and created it with security standards comparable to the DepRead More – Source

Related Posts