E-Vote Machines Can Be Infected With Virus

A person who goes to a voting booth knows which candidates he likes and while he casts his vote behind the curtain, he hopes the people he chooses will win the election. But this may not necessarily happen, says Edward W. Felton, a computer sciences professor at Princeton University. Prof Felton has in recent years learnt about poking holes through computer security.

Based on his experience, researchers at Princeton University declared on September 14,2006 that common 'electronic voting machines' could be converted to misrepresent results by installing software. It changes vote totals that evades detection and, just like a computer virus spreads from one voting machine to another.

The scientists conducted a mock election demonstration on their Website. In a fight between George Washington and Benedict Arnold, the latter became the winner although Washington secured greater number of votes.

The researchers tried to show how the malicious code could convert a vote for George Washington to a vote for Benedict Arnold without being administered by either the voter or the election officials. Neither would ever know anything as the malware alters its own track later. No standard test either before or after the election would be able to detect the malfunction.

One of the researchers, Halderman said that one needed to be a good programmer, not a genius to reproduce the virus.

To execute these attacks, the attacker must manage to install his malicious software on at least one voting machine. Just a minute of physical handling of the machine would be enough to install the software manually. Having physical access to one machine or memory card, the attacker can alternatively install a 'voting machine virus' to let it spread to other machines permitting to commit widespread fraud.

Actually the technology of electronic voting has challenges that are systemic that require a systemic response. To start with paper trails, regular audits and aggressive physical security can be effective security measures. This can be added with enhanced poll-worker training and radical up gradation of machine certification procedures. In effect the 'Federal Certification Body' implemented a memorandum requiring greater security for e-voting systems.

Related article: E-Crime Reporting Format To Be Launched in July

» SPAMfighter News - 9/21/2006