 What's the cause-effect here, DEF CON, here at Voting Village? My name is Harry Hurst. I'm the founder, co-founder and co-organizer of the Voting Village. We are here to educate people about the reality of voting machines, especially now in the era when false claims of rigging and whatnot is done, so that people understand exactly how these machines work, what are the vulnerabilities, how you mitigate against the vulnerabilities. We have a lot of machines here that we are currently using around the country. These machines are old machines. These machines are designed from the mid-80s. It's still widely in use. This is the first machine ever hacked, and I did that hack in 2005. So, because this machine was designed at the time when cyber war was bad science fiction, this doesn't have the capabilities of hardware, which modern general purpose computers, this doesn't have an operating system. So, this has a very small footprint and very small attack surface, because the time era when this was built, everything was minimalistic by necessity, not by design. Okay. So, let's talk a little bit about this machine and talk specifically about the vulnerability that you pointed out. Well, it doesn't have a hard drive. It doesn't have flash. The software itself is an EEPROM. It doesn't have any other storage than the memory card, which is the vulnerability of this machine. However, because it's a removable memory card, you can mitigate against this by making two-man rule on everybody who is touching it, programming it, and making the physical security to fight against the vulnerability on the technology. And this is very normal. These machines are old. They require a lot of physical security, all of which is missing. Always when we show a vulnerability, what happens is people are claiming, well, that won't happen in the real world because there's such a high physical security, and that's never true. If somebody got their hands on this memory card, was able to manipulate the information and then put it back in, and then put it back in inventory, that would be the problem, right? Yeah, in this machine, because the software itself cannot be altered. So, software is an EEPROM, and this machine is physically incapable of reprogramming its programming. The only way you hack this is using the memory card by introducing from there, for example, a wrong ballot definition or manipulate the vote counters. So, everything is on a memory card, and it's really, this is not about code injection. This is more about very, very old ways of manipulating, like a car odometer running over. This actually has an unsigned integer, so it has an integer overflow problem. Okay, so now we covered a very old school voting machine here, still in use. Memory card is the major vulnerability. Do you want to take a look at another one that you pointed out? Yes, absolutely. This is a high-speed paper ballot scanner. These are used in major cities and in vote centers. The high-speed process is a lot of ballots. This is still in use, and this is a way more modern technology than the previous one. This actually does have hard drives. This actually has an Ethernet. This is the two decades more modern machine. So, what I'm guessing here with the hardware inside, and we can't take a look, obviously, or I don't know if we can. Yes, we can. Perfect. Just to get an idea of the difference and what would be considered an upgrade, right? So, here we have a general-purpose computer, which is running an operating system, unlike the previous one. We have hard drives, we have Ethernet, we have network capabilities. This is actually a dangerous machine. This is a multi-horsepower engine, and when we accidentally saw paper ballots put a metallic plate in one study, it flew across the room and buried itself to a drywall. That's the speed the paper goes through, so you can kill yourself with this voting machine. So, this is not just a voting machine, this is possibly an assassin. Yeah, it really goes fast, because there's a high-speed scanner. And the vulnerability of this machine is, again, removal media. That's a chip drive, and those chip drives are forever old. You saw the insert in the other side. This runs a QNX operating system, and if you have a file with a certain name, it automatically executes that with the full-root permissions without asking user permission or notifying user. So, you only need to have one certain name or file on a chip drive, and it's done. And then you're in. Then you're in. So, it sounds like they just made it as easy as possible for you to gain access to. Well, it's convenience. It's convenience. Remember, again, these machines were designed at a time when cyber war was not existing. Yeah, you have to keep reminding me of that, right? Because that is an interesting thing. We live in a day right now, and it's so relevant. And just a couple decades ago... Bad science fiction. Nobody would have believed... Everything today, casual and common knowledge, would have never been passed as a movie script, because it would have been too stupid for people to think this can be actually real. All right, this technology actually comes from 2000s. And thank God this machine is on its way out, because this is the second most dangerous way of voting. The most dangerous way of voting is internet voting, because it's beyond our human capabilities to do internet voting. It cannot be done. This is a touchscreen voting, where there's no paper record. Everything is just in electronic form. So, it's a touchscreen. You vote. There's no auditability. And if you alter the memory of the... and memory count, there's no recovery. You vote. You cannot do anything else. You cannot find who if it was hacked. We actually ran a test election a few years ago with this machine. It was a very tight race between George Washington and Benedict Arnold. And our benign dictator, Dark-Hangin-Won, and he wasn't even on a ballot. So, you were able to switch out names and add completely new applicants or candidates into the machine? Exactly. But the funniest thing is when you did that hack, you cannot recover. You cannot find the original actual votes that people were voting. So, it's done. It's done, because there's no paper ballot where you can come back. So, that's why, thank God, these machines are on the way out. Yeah. So, in fact, this was the newest of the three that we looked at. Correct. This is the most vulnerable and the most dangerous machine that we... The most dangerous because if something goes wrong, you don't have a recovery. And of course, the funniest thing about this machine is that this card reader is not clued in. And if you plug it out and you boot it, it goes to supervisor most. Because why not? And then you can actually plug it back in in a convenience of secrecy of the boot. So, why would you do that? And the funniest thing is the machine... We have one more machine which is over 10 years newer than this. And it has the same feature that if you jam the smart card, it goes to supervisor mode. So, can you do just a quick example of you messing that up? Because I think we got to see this one. And I know you just brought that card out, but I would love to see supervisor mode and kind of... Here we are. So, once you are in the supervisor mode, then you can change settings. This obviously has a network. There's a lot of other capabilities. Which also means that one thing where you can do with this, not only you can alter one election, but there's also a proof of concept. We developed a voting machine virus which can travel from one voting machine to another and infect the whole precinct. Wow. So, all you need is access to one and you could potentially spread. Or not even one. It's also good enough that if you get the central headquarters election management system, you can spread then one to every precinct and it spreads around there. So, this is a very old unpatched version of Windows CE and obviously very dangerous machine to be used. And thank God, as I said, we are out of the DRE voting. DRE voting is a very bad idea. The only worse idea would be internet voting. Okay. What is the solution here? Because we are seeing a lot of machines that are in use. What do we do? American elections are uniquely complex. And outside of the smallest jurisdictions, you have to use voting machines. And you cannot trust the voting machines. The problem with the ballot marking devices, which is the newest technology introduced, when after you make your choices, it will print out the ballot. That is not any more voters choice. It's a hearsay by computer. And we have been showing in studies that both voters don't find if the ballot marking device is lying. So, the safest way to vote is a handmark paper ballot. Use a voting machine scanner like the first one we saw or that one to scan them and then mandatory risk limiting order to figure out if the machine provided the right correct outcome of the election. Never trust, always verify. And use handmark paper ballots so that you can verify. And if there needs to be a recount, obviously, then you have archived materials that mark votes. Yes. The security problem of voting is uniquely hard because we have a secret ballot at the same time as auditability. Secret ballot means that even if I want to reveal how I voted, I shouldn't be able. Because if I can be coerced to tell how I voted and prove it, then I can buy my vote. Both can be bought, sell, and I can be coerced. But how much would it cost to buy you? I wouldn't be for sale, but everything has also price. Exactly. Everything. Everything has its price. I'm curious. Do you vote? Of course. Okay. All right. And everybody should vote. Whenever you are eligible to vote, please vote. Democracy is only working with the participation. And apathy is as dangerous to democracy as any kind of malfeasance and shenanigans in the process. Thank you very much. All right. Thank you. Bye. Thank you.