Thursday, April 16, 2015

Touchscreen voting passwords: “abcde” and “admin”

Is anyone really this stupid in 2015?
(The Guardian)- Touchscreen voting machines used in numerous elections between 2002 and 2014 used “abcde” and “admin” as passwords and could easily have been hacked from the parking lot outside the polling place, according to a state report.
The AVS WinVote machines, used in three presidential elections in Virginia, “would get an F-minus” in security, according to a computer scientist at tech research group SRI International who had pushed for a formal inquiry by the state of Virginia for close to a decade.
In a damning study published Tuesday, the Virginia Information Technology Agency and outside contractor Pro V&V found numerous flaws in the system, which had also been used in Mississippi and Pennsylvania.
Jeremy Epstein, of the Menlo Park, California, nonprofit SRI International, served on a Virginia state legislative commission investigating the voting machines in 2008. He has been trying to get them decertified ever since.
Anyone within a half mile could have modified every vote, undetected, Epstein said in a blog post. “I got to question a guy by the name of Brit Williams, who’d certified them, and I said, ‘How did you do a penetration test?’” Epstein told the Guardian, “and he said, ‘I don’t know how to do something like that’.”

No comments: