Voting Technology is put to the test

Hacker Cracks Voting Machine in Less Than 2 Hours

A touch-screen voting machine used in a 2014 election in Virginia was hacked in about 100 minutes by exploiting a Windows XP flaw that was more than a decade old as part of a demonstration on security vulnerabilities in election technology.

The hacker was Carsten Schürmann, an associate professor with IT University of Copenhagen. He was one of the computer hackers invited to the Defcon convention in Las Vegas to test the security and integrity of common pieces of voting technology, many of which were purchased more than a decade ago and are rapidly becoming obsolete.

Within hours of the doors opening Friday at the Voting Machine Hacking Village, hackers penetrated the WinVote 2000 voting machine and gained access to an electronic poll book, the kind used to check in voters at thousands of polling places across the country. Microsoft Corp. , which made the Windows XP operating system, declined to comment.

They also penetrated the hardware and firmware of a kind of touch-screen voting machine used in hundreds of jurisdictions across the country, and could attack a simulated county voter registration network, like the networks in 21 states that were compromised by attackers last year.

Hackers were invited to “do the things that if you did on Election Day, they would arrest you,” said Matt Blaze, a computer science professor at the University of Pennsylvania and election security specialist who helped organize the event.

More From The Wall Street Journal (subscription required):