Rachel Tobac @RachelTobac
CEO @SocialProofSec social engineering keynotes/training/pentesting/workshops | 3X @DEFCON #SECTF 2nd place | Chair @WISPorg Board | Sr UXR @coursehero | she/her
Aug. 13, 2019

Practiced another voting machine exploit at @defcon @VotingVillageDC which showed again that we need to fight for:
A. voter-marked paper ballots
B. counted by computers (could fail/be hacked)
C. followed by risk limiting audit of reported count to verify computer-counted outcomes

Thank you anon, anon, and Nick for teaching me about this attack that only takes 2 minutes and affects the memory and ability to run election software on this machine. Using only a plugged in keyboard, you get admin access and can make these changes.

Thank you @Superbad358 for being my partner in this exploit practice! Thank you @mattblaze @HarriHursti for organizing us around goals to protect our democracy and fight for the right next steps to avoid relying only on vulnerable software and machines in an election!

Thanks for putting up with my low budget blurring skills in this video. Everyone blurred did not consent to recording, and it’s essential I protect their privacy even if it makes the video look odd! 🤖🤘

Voter apathy is the biggest threat to democracy @HarriHursti. Election machines/software can be tampered w/! Join me in demanding gov support for voter-marked paper ballots, counted by computers, followed by risk limiting audit of reported count to verify computer counted outcome

Want more info? Read expert @mattblaze’s tips to secure our election. Everything I’ve learned I’ve learned from him, @HarriHursti, and hackers on his team or at @defcon.

By the way, this keyboard attack is shown on the same voting machine I’m discussing here in this video:

Yes, learning about attacks is v interesting, and mitigation steps are super interesting and important, too. But without this next part none of it really makes a difference: Vote.
