Over the summer, computer science graduate student Ariel Feldman and Alex Halderman GS ’09 reprogrammed a Sequoia AVC Edge touch-screen voting machine to play the arcade classic Pac-Man in honor of the game’s 30th anniversary. The process took just three afternoons.
“The machine internally resembles something like a 15-year-old PC,” Feldman said. “It will run PC software if you can get it on there.”
The hardest part was finding and remembering how to use software that was old enough to be compatible with the machine, the researchers said.
The project was a lighthearted extension of more serious research that Feldman and Halderman conducted on electronic voting security in conjunction with computer science professor Edward Felten, director of the Center for Information Technology Policy.
“It would take a much smaller change to the software to reprogram it to steal votes,” Halderman said.
Felten said that the project, which he was not directly involved in, has important implications.
“This is a demo that these machines are capable of all kinds of behaviors that we might not have anticipated, and they did it in a fun way,” Felten said.
Felten, Feldman and Halderman released a paper in 2006 that detailed their discovery of a security flaw in a different voting machine: the Accuvote-TS produced by Diebold, Inc. The researchers discovered that viruses could be spread from machine to machine via removable memory cards.
“Although the voting machines from the outside look like very specialized devices ... they’re just regular old PCs,” Feldman explained. “Basically any complicated cheating strategy you can imagine ... is possible once you reprogram the machine.”
To reprogram the Sequoia machine to play Pac-Man, Feldman and Halderman removed the screws from the voting machine case, extracted the memory card and replaced it with one containing the video game software. The card they used was identical to those found in some digital cameras. The researchers were able to install the new card without breaking the machine’s tamper-evident seals.
Researchers have long known of security flaws in direct-recording electronic machines, which record votes in computer memory. Both the Accuvote-TS and the Sequoia AVC Edge are DRE machines. In 2008, the Sequoia Edge was used in 161 districts across the country, which had a total of 9 million registered voters.
“It’s long been known since at least 2004 that this whole class of machines is insecure,” Feldman said, noting that hackers “can do arbitrary things to the vote totals.”
Felten said that while he still does not consider the machines he studied to be safe enough to use, he thinks voting systems are growing more secure. All New Jersey counties use DRE machines in their polling places, though the types used were not included in the security studies conducted by Feldman, Felten and Halderman.
“On a larger scale, the general message about the riskiness of paperless voting has gotten out, a lot of people have accepted it, and if you look at the general trend across the U.S., there’s a general trend toward better systems,” Felten said.
Still, Felten said he favors optical-scan voting systems that involve voters filling out paper forms that are scanned electronically.
Feldman and Halderman presented their Pac-Man project in August at the Electronic Voting Technology Workshop during a “rump session” for less serious projects. The machine they used is currently located on campus.
Feldman said they undertook the project while “procrastinating for more important work,” and also tried running Wolfenstein 3D, a 1992 fighting game, on the machine.
Read More
Yale University to join Research Collections and Preservation Consortium (ReCAP)
David YunYale University has joined Princeton, Columbia, Harvard, and the New York Public Library in one of the world’s largest library and archives preservation repositories and shared collections, Research Collections and Preservation Consortium, also known as ReCAP.
Yale University has joined Princeton, Columbia, Harvard, and the New York Public Library in one of the world’s largest library and archives preservation repositories and shared collections, Research Collections and Preservation Consortium, also known as ReCAP.
Princeton rising junior passes away in cycling accident
Victoria DaviesKerry Grundlingh ’27 has passed away in a cycling accident near her home in South Africa.
Kerry Grundlingh ’27 has passed away in a cycling accident near her home in South Africa.
15 personas detenidas por ICE en Calle Harrison, explican funcionarios de Princeton
Luke GrippoSegún el alcalde de Princeton, Mark Freda, inicialmente los oficiales de inmigración solamente estaban en busca de una persona. Ana Paola Pazmiño, directora ejecutiva del grupo local de defensa de la inmigración, Resistencia en Acción NJ, reveló que los oficiales detuvieron a estas personas y les pusieron en una camioneta mientras ellos estaban de camino a su trabajo de paisajismo.
Según el alcalde de Princeton, Mark Freda, inicialmente los oficiales de inmigración solamente estaban en busca de una persona. Ana Paola Pazmiño, directora ejecutiva del grupo local de defensa de la inmigración, Resistencia en Acción NJ, reveló que los oficiales detuvieron a estas personas y les pusieron en una camioneta mientras ellos estaban de camino a su trabajo de paisajismo.