The US state of Virginia is decommissioning a long-serving electronic voting system after learning of its gaping security holes.

The state's Board of Elections was urged to decertify the Wi-Fi-connected Advanced Voting Systems WINVote system after the boxes were found to lack basic security measures against physical and electronic incursions.

"The security review determined that the combination of weak security controls used by the devices would not be able to prevent a malicious third party from modifying the votes recorded by the WINVote devices," the Virginia IT Agency (VITA) wrote in a report to the board [PDF]. VITA is, as the name suggests, the state's IT department, effectively.

"The primary contributor to these findings is a combination of weak security controls used by the devices: namely, the use of encryption protocols that are not secure, weak passwords, and insufficient system hardening."

AVS WINVote devices have been in use by the state for more than a decade, and were employed for annual state elections as well as the last three presidential campaigns. According to the Verified Voting Foundation, 30 counties in Virginia used the machines to record votes last year.

The VITA investigation was kicked off after one of the machines displayed error messages and was unable to correctly report a tally of votes from an election held last year. Now, having looked into the security of the machines, VITA advised the election board to bin the machines ASAP.

Among the problems investigators found with the systems were serious lapses in network security. Many of the systems allowed for administrator access with either the default "admin" password, or an easily guessed password such as "abcde."

House of horrors

Even if a strong password was used on the box, other lapses, such as an always-on Wi-Fi connection and the use of weak WEP encryption, would potentially allow for data to be intercepted and compromised.

As the name would suggest, the WINVote systems were based on Microsoft's OS: in this case, unpatched versions of Windows XP Embedded 2002. Researchers found that the devices were vulnerable to exploited flaws which have been known of as far back as 2004.

On top of that, the study found that the devices were also trivial to tamper with physically. The voting devices themselves had accessible USB ports and the printer and power button were housed behind a lock which could be "easily bypassed."

"Because the WINVote devices use insecure security protocols, weak passwords, and unpatched software, the WINVote devices operate with a high level of risk," the report concluded.

"The security testing by VITA proved that the vulnerabilities on the WINVote devices can allow a malicious party to compromise the confidentiality and integrity of voting data."

Shortly after the VITA report was published this week, the state's Board of Elections formally decertified the machines for use, effective immediately.

The WINVote ballot boxes were built by Texas-based Advanced Voting Solutions, which ceased production in 2007.

This is not the first time AVS WINVote has come under fire. Privacy warriors at the Electronic Frontier Foundation raised concerns [PDF] about the system back in 2006, and Pennsylvania decertified the machines for use in 2008 over security concerns. ®