HomeWinBuzzer NewsMicrosoft's Windows CE Is Still Running on Some U.S. Voting Systems

Microsoft’s Windows CE Is Still Running on Some U.S. Voting Systems

Reports suggest that some US voting machines are still running a 2003 version of Windows CE.net, which is open to several kinds of attacks.

-

In November 1996, Bill Gates announced the Windows CE operating system at the COMDEX expo. It was quickly updated, and since then we’ve seen eight versions of the OS.

However, according to a VICE reporter the old versions aren’t dead quite yet. AccuVote machines in Utah, Alaska, and Georgia are still running a 2003 version of WindowsCE.net.

Security Concerns

University of Michigan computer science professor J. Alex Halderman says the practice is “painting a bullseye” on the election system. Halderman was able to develop vote-stealing software that could be installed by practically anyone.

Furthermore, Halderman says an attacker could “create malicious code that spreads automatically and silently from machine to machine during normal election activities.”

This isn’t the only example, either. Last week, Symantec released results from a simulated election it ran during a Black Hat conference in August. Several flaws were found in a voting machine bought in an auction. According to security experts, touchscreen DRE systems are easy to exploit by someone with basic hacking skills.

Voter Cards

Symantec says the easiest way to commit voting fraud is via voter cards.

“Anyone who knows how to program a chip card and purchases a simple $15 Raspberry Pi-like device, could secretly reactivate their voter card while inside the privacy of a voting booth,” said Brian Varner, a security expert at the company.

Varner was also able to program the card to vote multiple times. “In both approaches, that attacker is stuffing the digital ballot box and casting doubt in the validity of the results from that polling station,” he said.

However, the scariest applications are not in the voter card, but in the machine itself. Princeton University professor Andrew W. Appel was able to compromise the ‘Advantage’ model of DRE machines.

Via basic programming skills, Appel was able to install a fraudulent vote counting program that could control the computer inside the machine.

“The software I built wasn’t rocket science — any competent computer programmer could write the same code. Once it’s installed, it could steal elections for years to come,” said Appel.

As a precautionary measure, DRE machines produce a paper record of each vote officials can examine them in the case of a recount. Unfortunately, over a dozen states are yet to fully implement the practice.

The evidence gives credence to Trump’s outlandish claims of widespread voter fraud, and he could have a genuine case in the event of a close result.

Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News