Virginia Voting Machines ‘Protected’ by Ridiculously Simple Passwords, Report Claims
Most people know that using a password like “12345” or “password” to protect their email or Facebook account is a ridiculously terrible idea.
But apparently, no one mentioned that to the company in charge of building Virginia’s election machines.
According to a study by the Virginia Information Technology Agency and reported on by The Guardian, the AVS WinVote machines used in three presidential elections were protected by such astonishingly simple passwords a 6-year old could figure them out.
The report, found that the wireless network between the machines, which were in use between 2002 and 2014, was protected by passwords such as “abcde” and “admin.”
If someone was able to get into those machines via a wireless connection they theoretically could have controlled the outcome to major elections from the relative comfort of the parking lot of the voting location.
According to the report, cracking the passwords to the voting machines took “minimal effort using freely available toolsets.” That means that anyone with even a hint of knowhow could have easily broken into these machines.
Jeremy Epstein of Princeton University’s Center for Information Technology Policy wrote in a post about the voting machines that “if no Virgina elections were ever hacked (and we have no way of knowing if it happened), it’s because no one with even a modicum of skill tried.
It wasn’t just the machine’s passwords that were lacking: they were also running a version of Windows XP Embedded 2002 and had never been patched or otherwise updated. In fact, the machines were found to still have a vulnerability that was fixed back in 2004.
The Guardian says that the machines were used in no less than 24 elections in Virginia over the years. They were also in use in Mississippi and Pennsylvania, but those states eventually stopped using them.
This isn’t the first time voting machines have come under fire for their ability to be hacked. In 2012, Wired reported that Diebold voting machines used in 20 states were easily hacked by installing off-the-shelf equipment from your local electronics store.
But the Virginia WVS WinVote machines were far worse, as hackers never needed to touch the machines to take control of them.
Virginia has since decertified the machines, and is looking into alternatives for the upcoming election season.
May we suggest some Florida-style paper chads? Nothing controversial ever happens with those.
Email Daniel Howley at firstname.lastname@example.org; follow him on Twitter at @DanielHowley or on Google+.