Skip to main content

Voting Machine Succumbs to New Programming Technique

Computer science professor Hovav Shacham (left) and Ph.D. student Stephen Checkoway (right) highlighted voting machine vulnerabilities.
Computer science professor Hovav Shacham (left) and Ph.D. student Stephen Checkoway (right) highlighted voting machine vulnerabilities.

In 2007, computer science professor Hovav Shacham first described a powerful new programming approach that generates malicious behavior by combining short snippets of good code already present in the computer. Now, Shacham and his team demonstrated that criminals could use this "return oriented programming" approach to force an electronic voting machine to use its good code to steal votes.

Unlike most previous voting security research, the computer scientists had no access to the machine's source code - or any other proprietary information - when designing the demonstration attack. They reverse engineered the voting machine's hardware and software and then used return-oriented programming to take over the machine and change vote totals.

Voting Machine Succumbs to New Programming Technique

"Based on our understanding of security and computer technology, it looks like using fast optical scanners that read paper ballots is the way to go. These systems are amenable to statistical audits, which is something the election security research community is shifting to," said Shacham. He and computer science Ph.D. student Stephen Checkoway collaborated with researchers from Princeton University and the University of Michigan on this project.

Read the paper, watch related videos and listen to Shacham on NPR's Science Friday at: https://www-cse.ucsd. edu/groups/security/avc/

Print Article