Video

Watch the Video: DEF CON Hackers Got Into Many Voting Machines and an E-Poll Book

Critics wrongly dismissed hackers by focusing on one out-of-use machine.

Photo Credit: Copyright / Lulu Friesdat / shugahworks.com

How long will defenders of America’s electronic voting systems ignore the present danger hacking presents to U.S. elections?

After numerous reports that hackers attending last weekend’s DEF CON 25 conference breached a variety of voting machines, defenders of the systems heaped scorn on the news, saying the one machine that was breached had been taken out of use more than a year ago. They also said the machines had to be taken apart to access key components, suggesting that was an unlikely scenario.

"What is with @thehill clickbait? This story about WinVote machines -- used in few VA counties & decertified in 2015,” tweeted Michael McDonald, a University of Florida political scientist who is among the nation’s most-quoted experts on voter turnout trends. 

They are wrong to think the hacking stopped there. The WINvote, which has been decertified, was hacked within minutes of the doors opening. But over the course of the next three days, hackers penetrated or found major security flaws in every machine present. Many of those machines are in use in multiple states, including swing states like Wisconsin and Florida.DEF CON hackers said they took complete control of an e-poll book, a type of election equipment in use in dozens of states where voters arrive at precincts, sign in and receive their ballots. That is exactly the type of equipment that was likely breached in at least one state in 2016.

They also found major security flaws in the Sequoia AVC Edge, in use in 13 states and the AccuVote TSX, in use in 19 states. A different version of the AccuVote was used recently in Georgia's $50 million congressional election.

Hackers then went to work on the iVotronic, currently in use in 18 states. With one button they were able to bypass the first security screen and gain access to the admin screen. They found the password through Google. The password turns out to be svcsvc. Now in control of the admin screen and the password, it is likely they could go further in the near future.

Although data on some machines was accessed by taking the machine apart, it is important to remember that many individuals and salespeople working with vendors likely have access to these machines in similar conditions. Machines also are stored overnight in people's homes. Hackers found unencrypted code in plain text that they said would be a piece of cake to modify.

Machine usage according to Verified Voting.

Don't let big tech control what news you see. Get more stories like this in your inbox, every day.

Lulu Friesdat is an Emmy award-winning journalist whose many news assignments include producing election coverage for MSNBC and editing with the CBS Evening News and Good Morning America. She received a Best Documentary award for directing her first feature-length documentary, Holler Back: [not] Voting in an American Town. Follow her on twitter @LuluFriesdat.