Hackers Take on Darpa's $10 Million Voting Machine
At this year's Defcon hacking conference, Darpa brought the beginnings of what it hopes will be impervious hardware.
BY LILY HAY NEWMAN
FOR THE LAST two years, hackers have come to the Voting Village at the Defcon security conference in Las Vegas to tear down voting machines and analyze them for vulnerabilities. But this year’s village features a fancy new target: a prototype of a so-called secure voting machine, created through a $10 million project at the Defense Advanced Research Projects Agency. You know it better as Darpa, the government's mad science wing.
Announced in March, the initiative aims to develop an open source voting platform built on secure hardware. The Oregon-based verifiable systems firm Galois is designing the voting system. And Darpa wants you to know: Its endgame goes way beyond securing the vote. The agency hopes to use voting machines as a model system for developing a secure hardware platform—meaning that the group is designing all the chips that go into a computer from the ground up, and isn’t using proprietary components from companies like Intel or AMD.
“The goal of the program is to develop these tools to provide security against hardware vulnerabilities,” says Linton Salmon, the project’s program manager at Darpa. “Our goal is to protect against remote attacks.”
Other voting machines in the village are complete, deployed products that attendees can take apart and analyze. But the Darpa machines are prototypes, currently running on virtualized versions of the hardware platforms they will eventually use. A basic user interface is currently being provided by the secure voting firm VotingWorks.
To vote using the system, you go up to a touchscreen, make your picks (Which Is The Best Star Wars Movie; Are Hot Dogs Sandwiches), confirm your selections, and then send them to be printed out. Your selections appear along with a QR code in the upper right-hand corner of the page. Next, you feed your printed votes into a secure ballot box—currently part of a filing cabinet Frankensteined to some printer components. The ballot box scans the document as you insert it, and uses the QR code to perform a cryptographic validity check. If the paper doesn’t pass the test, either by being fraudulent or from a different election, the scanner will reject the paper and won’t record the vote.
All of the components that a voter would interact with are still bare-bones prototypes that don’t provide much to hack. At the 2020 village, Darpa plans to have a more complete system for attendees to assess. But hackers can still probe the secure hardware infrastructure and attempt to find flaws in its layers of protection against hardware-based attacks, everything from complicated strikes speculative execution attacks and Rowhammer to more common flaws like buffer overflows.
Participants sitting down to assess the system on Friday told WIRED that it seems promising. And creating an open source secure hardware platform that anyone can incorporate into their products has the potential, beyond voting machines, to have a major impact on Internet of Things overall.
“All of this is here for people to poke at,” says Dan Zimmerman, principal researcher at Galois. “I don’t think anyone has found any bugs or issues yet, but we want people to find things. We’re going to make a small board solely for the purpose of letting people test the secure hardware in their homes and classrooms and we’ll release that.”
There’s also already a code repository on securehardware.org that hackers can analyze from afar. The group has even embedded sample vulnerabilities in the code so researchers can see how the hardware platform works to minimize the threat that they pose and look for flaws in these defenses.
“There’s a terrible software vulnerability in there,” says Dan Wallach, a security researcher at Rice University in Houston. “I know because I wrote it. It’s a web server that anyone can connect to and read/write arbitrary memory. That’s so bad. But the idea is that even with that in there, an attacker still won’t be able to get to things like crypto keys or anything really. All they would be able to do right now is crash the system.”
Darpa and Galois hope that Defcon attendees will find bugs and have defense suggestions throughout the weekend, and that the larger community will have input as well. The system will also travel to a series of universities over the next two years for vetting by a range of academics.
The point of the Voting Village has always been to find flaws in the hopes of making voting machines safer. But Darpa's prototype may be the first time those discoveries are actually welcome.