Hackers at a computer security conference in Las Vegas this weekend were aiming to help test U.S. election security, but the makers of voting equipment are raising doubts, The Wall Street Journal reported.
On the first day of Defcon’s second annual Voting Village, which runs through Sunday, hackers swapped out software, uncovered network plug-ins that shouldn’t have been left working, and revealed other ways for unauthorized actors to manipulate the vote, the Journal noted.
They hope the work will underscore weaknesses that vendors will want to fix and that will encourage states to upgrade to more secure systems.
Manufacturers and security experts counter the hack-a-thon isn’t likely to uncover real-world issues that would come up in an election.
“Anybody could break into anything if you put it in the middle of a floor and gave them unlimited access and unlimited time,” Leslie Reynolds, executive director of the National Association of Secretaries of State, told the Journal.
According to the Journal, Election Systems & Software LLC, a leading manufacturer of voting equipment, wrote to customers ahead of the event that hackers “will absolutely access some voting systems internal components because they will have full and unfettered access to a unit without the advantage of trained poll workers, locks, tamper-evident seals, passwords, and other security measures that are in place in an actual voting situation.”
But Voting Village organizer Jake Braun said states and vendors who are refusing to participate are making a mistake, warning; “This is not a cyber-mature industry.”
He also disputed the assertion that the Voting Village hacking could threaten national security, saying it would be naive to assume that Russia wasn’t already looking for voting system flaws.
“I think it would be a national security threat not do so it,” Braun told the Journal.
Jeanette Manfra, a senior cybersecurity official at the Department of Homeland Security, said that security researchers at Defcon were doing important work.
“You want companies to be building more secure products, but at the same time the public doesn’t necessarily know the full picture,” she told the Journal. “If all you are saying is, ‘Look, even a kid can hack into this,’ you’re not getting the full story, which can have the impact of having the average voter not understanding what is going on.”
“It’s really, really difficult to actually manipulate the vote count itself,” she said.