A security researcher at Black Hat today detailed numerous vulnerabilities he found by penetrating and studying a brand of voting machine.
Carsten Schürmann, an associate professor with IT-University of Copenhagen, hacked the Advanced Voting Solutions 2000 WinVote machine at DEF CON last year through its Wi-Fi, relying on a Windows XP exploit from 2003. He has since studied other copies of the machine, which was used in Virginia dating back to 2004 but was decommissioned in 2015.
Dubbed by some the “worst voting machine ever,” all of their passwords appear to be “abcde,” he said. He also found several machines that had software allowing the machines to rip sound files, and in one case found a Chinese song.
Schürmann was quoted tsaying: “That’s weird, did somebody really use the machine to rip MP3s?”
Its Wi-Fi is enabled by default, he said. He found some machines that had files listed as modified, and other machines that tried to dial out. Some of the modified files might be innocent, and some of the attempted dial-outs might have been for security upgrades, Schürmann suggested, but there’s no evidence it wasn’t hacking-related.
“If the machine doesn’t print out any paper, that’s the only evidence we have,” Schürmann said. “And that’s not very good evidence.”