US government researchers have discovered that the Diebold AccuVote TS electronic voting (e-voting) systems – the same kind likely to be used in the upcoming 2012 US Presidential elections – have a security vulnerability that can be exploited to carry out a man-in-the-middle (MITM) attack. According to a report on Salon.com, the Vulnerability Assessment Team (VAT) at the Argonne National Laboratory (a United States Department of Energy laboratory) say that, using the newly developed hack, voting results could be changed without leaving a single trace of manipulation behind.

The e-voting system hack can be completed with "just $10.50 in parts and an 8th grade science education"; for another $15 worth of parts, a wireless RF remote control can be added to start and stop the attacks. VAT leader Roger Johnston said that the team believes that these type of attacks "are potentially possible on a wide variety of electronic voting machines", adding that they think they can "do similar things on pretty much every electronic voting machine".

A video demonstration and explanation detailing the vulnerability and the attack is provided by the Brad Blog, a co-founder of VelvetRevolution.us which provided the voting system used by the researchers.

See also:

Voting machine hack demonstrates "Return-oriented Programming", a 2009 report from The H.

(crve)