Are Arizona elections safe from hackers?
A sign at a mock polling place set up at the Maricopa County Recorder’s Office. Photo by Jerod MacDonald-Evoy | Arizona Mirror
In November, Arizona voters will be casting their ballots and deciding who will lead the state at the Capitol and represent it in the U.S. Senate, but new research and revelations have cast doubt in some minds about the security of voting systems.
“The people building these machines generally have no background in this stuff,” Dan Petro, senior security associate for Tempe based cybersecurity firm Bishop Fox said about electronic voting machines.
Last year hackers at DEFCON were able to hack into electronic voting machines in less than an hour. This year, it didn’t even take 10 minutes.
If hackers tried something similar on Election Day, it’s effectiveness would be limited: In addition to the likelihood one would get caught by tampering with an election machine in a polling place, any such manipulation would only affect a small number of votes.
Cybersecurity experts like Petro aren’t concerned with the hardware of the machine, but its software.
This summer, voting machine manufacturer Election Systems and Software admitted they had installed backdoor software on their machines, something they had previously denied doing.
The state of Arizona contracts with ES&S, as do other some Arizona counties. Some cities, including Glendale and Tucson, also contract with ES&S.
Vendors of voting machines say backdoors are necessary for routine maintenance or for pushing security updates to all the machines at once, instead of one at a time, much in the same way Apple or Android will push updates to your phone automatically.
“But your Android phone isn’t responsible for painting the democracy of our country,” Petro said.
So, with all this new knowledge and increased focus on outside meddling in US elections, exactly how secure are elections in the state?
‘A fancy way of saying hacker’
Petro is a senior security associate, but to him, it’s just a fancy way of saying he is a hacker.
His main job is to look at networks or devices and find out if they’re vulnerable to attacks.
For example, Petro recently was able to find vulnerabilities in a “smart safe” built by Brinks.
He found that the on-board computer could be easily targeted and manipulated to let him open the safe with ease. He said it highlights an issue that is being seen across the security realm:Companies that never had given much, if any, thought to cybersecurity designs are now building devices that can connect to the internet, talk with other devices and have complex networks.
“Brinks knows how to build a good safe,” Petro said, but building a strong computer network to go along with it is not their forte.
This same logic can be applied to voting machines and their infrastructure, according to Petro.
Many of the companies either did not start off working with computers or are fairly new. ES&S has been in the voting machine business since 1979, when the primary technology being used was optical scanners.
Now, the machines are far more complex and involve a lot more steps.
The ES&S machines used in Arizona are only used to count votes in statewide elections, Fontes said.
The machines are not supposed to be able to connect to the internet, but that turned out to not be entirely true. In fact, they are able to connect to another device using specialized software. This creates a major security risk, Petro said.
When the machines are not connected to any one network, an attacker would need to physically connect to it to install malware or change code. But if it is connected to a network, a would-be hacker has many more avenues to wreak havoc, Petro said.
That raises serious questions for security experts: What other devices is the machine talking to? Do they use encryption to communicate? Is it just one person in charge of the updates or a team? Are updates pushed from one computer or multiple? Who has access? What’s the worst that could happen?
The answers, Petro said, have been hard to get.
Maricopa County Recorder Adrian Fontes remembers when hackers at DEFCON two years ago were able to break into and hack a voting machine.
He remembers it well because he was there.
“We were all there with baseball caps on, just standing in the back,” Fontes said, adding that representatives from several large elections offices across the nation, as well as representatives from the FBI and Department of Homeland Security, were also watching slyly.
He watched as they were able to pry open one of the machines used in Maricopa County, get into its systems and mess with its software. They had purchased the machine on Ebay.
The machine, known as the Edge, is the only electronic voting machine used by Maricopa County, Fontes said.
But seeing it pried open and hacked didn’t scare Fontes.
“Well, first off, it took them awhile,” Fontes said, adding that it would require physical access to the machines, which are also forced to undergo a series of tests prior to being used.
Additionally, the machines are only used for voters with disabilities and only about 200 votes were cast on them in 2016, Fontes said.
The machines are also not able to connect to the internet. A voter must insert a small card into the machine, which records the votes on the card, which is then handed to officials That means it is technically still a paper ballot.
Having paper ballots reduces risk, Fontes said.
“The whole point of what we have done is to reduce our points of vulnerability,” he said. “As you reduce points of vulnerability, you can detect probing easily.”
The only other system used by Maricopa County voters that is electronic is the new check-in system Fontes has implemented.
The check-in kiosks only have two things physically on them: all voters; addresses in the county and the different styles of ballots.
The kiosk does communicate with a network, however, it uses a virtual private network, known as a VPN, to do so.
VPNs are generally considered safe, but have been found to have vulnerabilities. For example, earlier this year Cisco had to issue warnings to users after they discovered their VPNs could be breached in a way that could give an attacker full control of a system.
But Fontes insists that the VPN used by the Recorder’s Office is secure.
The kiosks connect to the VPN to check to make sure a voter checking in is registered. After it finds receives an answer, it disconnects, Fontes said.
“I’ve spent the last 20 months trying to become an expert in this,” he said. “There’s no, ‘have a good weekend,’ because we are always worried about this.”
Fontes said other elections officials across the country have been looking at Maricopa County’s system as a new secure way to make sure voters are safe.
“This is the best way to do this out there right now,” Fontes said.
However, when asked about the details of any specific attacks their office may have been the subject of, Fontes declined to answer.
And the system has come with its own unique issues.
Issues at the polls
Fontes has come under fire in recent weeks after 62 polling stations had technical issues that prevented voters from casting ballots for several hours during last month’s primary election. One culprit was the check-in kiosks.
Records obtained by The Arizona Republic showed that technicians from Tempe based IT company Insight ran into a multitude of issues.
Some of the machines required software updates. Othershad cracked screens. At other polling places, the networks needed for the machines did not work.
Fontes would not answer the Mirror’s questions about the primary election problems, but said his office expects to add more technicians, more polling places and more check-in machines in November.
Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site. Please see our republishing guidelines for use of photos and graphics.