Rachel Tobac+ Your Authors @RachelTobac CEO @SocialProofSec social engineering & hacking training/pentest/workshops/keynotes | 3X @DEFCON SECTF 2nd place | Chair @WISPorg | SrUXR @coursehero | She/her Aug. 13, 2019 1 min read + Your Authors

Practiced another voting machine exploit at @defcon @VotingVillageDC which showed again that we need to fight for:
A. voter-marked paper ballots
B. counted by computers (could fail/be hacked)
C. followed by risk limiting audit of reported count to verify computer-counted outcomes

Thank you anon, anon, and Nick for teaching me about this attack that only takes 2 minutes and affects the memory and ability to run election software on this machine. Using only a plugged in keyboard, you get admin access and can make these changes.

Thank you @Superbad358 for being my partner in this exploit practice! Thank you @mattblaze @HarriHursti for organizing us around goals to protect our democracy and fight for the right next steps to avoid relying only on vulnerable software and machines in an election!

Thanks for putting up with my low budget blurring skills in this video. Everyone blurred did not consent to recording, and it’s essential I protect their privacy even if it makes the video look odd! 🤖🤘

Voter apathy is the biggest threat to democracy @HarriHursti. Election machines/software can be tampered w/! Join me in demanding gov support for voter-marked paper ballots, counted by computers, followed by risk limiting audit of reported count to verify computer counted outcome

Want more info? Read expert @mattblaze’s tips to secure our election. Everything I’ve learned I’ve learned from him, @HarriHursti, and hackers on his team or at @defcon.

By the way, this keyboard attack is shown on the same voting machine I’m discussing here in this video:

Yes, learning about attacks is v interesting, and mitigation steps are super interesting and important, too. But without this next part none of it really makes a difference: Vote.


You can follow @RachelTobac.



Bookmark

____
Tip: mention @threader_app on a Twitter thread with the keyword “compile” to get a link to it.

Enjoy Threader? Sign up.

Since you’re here...

... we’re asking visitors like you to make a contribution to support this independent project. In these uncertain times, access to information is vital. Threader gets 1,000,000+ visits a month and our iOS Twitter client was featured as an App of the Day by Apple. Your financial support will help two developers to keep working on this app. Everyone’s contribution, big or small, is so valuable. Support Threader by becoming premium or by donating on PayPal. Thank you.


Follow Threader