Indian EVMs can be hacked by sending an SMS
Professor#-Link-Snipped-#, Assistant professor of electrical engineering and computer science at the University of Michigan led a project that involved connecting a home-made electronic device to the EVM and then altering the results simply by sending an SMS to the electronic device.
The team comprising of J. Alex Halderman, Hari K. Prasad, Rop Gonggrijp from USA, India & Netherlands respectively got access to the EVM through a source who remained anonymous. The team found out that an attacker with brief access to the EVM can tamer the machine and change the outcome of the elections.
#-Link-Snipped-#
Credit: www.indiaevm.org
Abstract of the technical paper presented by the team is as follows -
Elections in India are conducted almost exclusively using electronic voting machines developed over the past two decades by a pair of government-owned companies. These devices, known in India as EVMs, have been praised for their simple design, ease of use, and reliability, but recently they have also been criticized because of widespread reports of election irregularities. Despite this criticism, many details of the machines' design have never been publicly disclosed, and they have not been subjected to a rigorous, independent security evaluation. In this paper, we present a security analysis of a real Indian EVM obtained from an anonymous source. We describe the machine's design and operation in detail, and we evaluate its security, in light of relevant election procedures. We conclude that in spite of the machine's simplicity and minimal trusted computing base, it is vulnerable to serious attacks that can alter election results and violate the secrecy of the ballot. We demonstrate two attacks, implemented using custom hardware, which could be carried out by dishonest election insiders or other criminals with only brief physical access to the machines. This case study contains important lessons for Indian elections and for electronic voting security more generally.
Full Technical Paper is available here: PDF
For full demonstration, have a look at following video:
The team comprising of J. Alex Halderman, Hari K. Prasad, Rop Gonggrijp from USA, India & Netherlands respectively got access to the EVM through a source who remained anonymous. The team found out that an attacker with brief access to the EVM can tamer the machine and change the outcome of the elections.
#-Link-Snipped-#
Credit: www.indiaevm.org
Abstract of the technical paper presented by the team is as follows -
Elections in India are conducted almost exclusively using electronic voting machines developed over the past two decades by a pair of government-owned companies. These devices, known in India as EVMs, have been praised for their simple design, ease of use, and reliability, but recently they have also been criticized because of widespread reports of election irregularities. Despite this criticism, many details of the machines' design have never been publicly disclosed, and they have not been subjected to a rigorous, independent security evaluation. In this paper, we present a security analysis of a real Indian EVM obtained from an anonymous source. We describe the machine's design and operation in detail, and we evaluate its security, in light of relevant election procedures. We conclude that in spite of the machine's simplicity and minimal trusted computing base, it is vulnerable to serious attacks that can alter election results and violate the secrecy of the ballot. We demonstrate two attacks, implemented using custom hardware, which could be carried out by dishonest election insiders or other criminals with only brief physical access to the machines. This case study contains important lessons for Indian elections and for electronic voting security more generally.
Full Technical Paper is available here: PDF
For full demonstration, have a look at following video:
Replies
You are reading an archived discussion.
Related Posts
The mobile number portability service, which enables the users to switch the service providers/operators without changing their mobile number may get implemented in India within next 1-2 months. The service...
Industry's first 3D shooting module, that lets any mobile device capture Hi-Def video (720p) has been developed by Japanese electronics firm, Sharp. The module will start shipping in July 2010....
On 22 April this year, Facebook changed its privacy policy. If you have been through privacy policies of different websites, you would know about what the website intends to do...
The last month has seen the entire world go up in arms with Facebook’s privacy glitch. This was not the first time that Facebook had drawn flak; the current glitch...
Banking, Financial Services and Insurance (BFSI) services, Gaming, Mail and Messaging, Telecom, or CRM services etc. are few domains that have become more varied and more complex. Information systems roll...