It’s been a while since I last wrote about electronic voting machines, but I’m glad to say there has been some progress: in at least some jurisdictions, the most insecure type of machine, the DRE (Direct Recording Electronic), has been banned. In DRE machines, the voter typically interacts with the machine via a touch-screen interface, and the primary or only record of the votes cast is stored in the machine’s memory. This means that virtually any attack that can compromise the machine can also potentially change the election results.
Prof. J. Alex Halderman, of the University of Michigan, has an amusing post on the Freedom to Tinker blog at Princeton’s Center for Information Technology Policy, on a new use for discarded Sequoia AVC Edge DRE machines. He and his colleagues have successfully hacked the machine to play one of the original computer arcade games, PacMan. (There is a video link in the blog post, but there is a bigger version at the project site, which also has more information.) The machine, which is basically an ancient PC (80486 processor, 32 MB of RAM, running the psOS+ embedded operating system), runs its election software from a Compact Flash memory card; replacing the card replaces the software. Although the machine ostensibly has “tamper resistant” seals, the CF card can be accessed by removing a panel using a screwdriver. Prof Halderman thinks the project was a useful contribution to the environment:
As more states move away from using insecure DREs, there’s a risk that thousands of these machines will clog our landfills. Fortunately, our results show that they can be productively repurposed.
The team noted that one of the bigger challenges in re-programming the machine was remembering how to write a
config.sys file,and getting software to run on a machine without a math coprocessor.
The team demonstrated their results at the recent USENIX Security Symposium in Washington DC. Incidentally, there are other ways in which the machines might be recycled that aren’t necessarily frivolous. The team found the machines can also run Linux.