this post was submitted on 15 Jun 2025
205 points (80.4% liked)

United States | News & Politics

3002 readers
1454 users here now

Welcome to !usa@midwest.social, where you can share and converse about the different things happening all over/about the United States.

If you’re interested in participating, please subscribe.

Rules

Be respectful and civil. No racism/bigotry/hateful speech.

Post anything related to the United States.

founded 2 years ago
MODERATORS
simsymbiote@midwest.social
Type1@midwest.social
205
She Won. They Didn't Just Change the Machines. They Rewired the Election. (thiswillhold.substack.com)
submitted 1 day ago by Five@slrpnk.net to c/usa@midwest.social
49 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] corsicanguppy@lemmy.ca 14 points 1 day ago (3 children)

Wait. This article suggests that a UPS was an attack vector.

Really?

[–] Voroxpete@sh.itjust.works 25 points 1 day ago* (last edited 1 day ago) (1 children)

That's actually extremely plausible.

A smart UPS needs to have access to some very low level functionality on the machine it's connected to in order to safely power it off in the event of a power failure. So you're talking about having at least some root / kernel level access there. It's not crazy to imagine that a malicious driver update could slip in more.

As another poster commented, I'd like to see this actually simulated to be sure, but it's not an idea that I'm willing to dismiss out of hand.

[–] the_crotch@sh.itjust.works 4 points 19 hours ago (1 children)

All they need is the ability to report battery percentage and send an ahci shutdown command to the OS. This is usually handled by an agent running on the machine, otherwise networked ups's would be useless

[–] Voroxpete@sh.itjust.works 1 points 15 hours ago

Yes, but in theory a malicious driver could do more. How much more I'm not exactly certain of, but I'm not going to outright dismiss the idea. Like I said, I'd like to see someone prove it in a lab.

[–] Theoriginalthon@lemmy.world 11 points 1 day ago (3 children)

The most wtf part is using windows on a voting machine and the fact that windows trusts an UPS that connected via usb, I'm not sure how true it is but I'd kind of believe that, as usb is the best way to attack airgapped systems

[–] redsand@lemmy.dbzer0.com 1 points 11 hours ago

The voting village at defcon is a nightmare, a dream or a joke depending on your perspective

[–] Voroxpete@sh.itjust.works 14 points 1 day ago (3 children)

The most WTF part is that you all use voting machines. In Canadian federal elections every vote is counted by hand, end of story.

[–] minoscopede@lemmy.world 13 points 23 hours ago

💯 we should all be very wary of voting machines. If it's not fully open source and cryptographically verifiable, it's not secure.

[–] Theoriginalthon@lemmy.world 5 points 23 hours ago

Same in the UK

[–] the_crotch@sh.itjust.works 1 points 19 hours ago* (last edited 19 hours ago) (1 children)

I can't speak for the whole US, but in Connecticut we use a Scantron sort of system where you fill in bubbles on paper and feed it into a machine. This leaves us with a paper ballot in addition to the machine's totals. Using machines isn't necessarily a bad thing, it makes the count a lot faster and it's not like human counters couldn't lie. If other states don't have that paper backup though, they should.

[–] Voroxpete@sh.itjust.works 2 points 15 hours ago

We use the same thing for civic and provincial elections in Canada, but for federal it's strictly hand count only.

[–] the_crotch@sh.itjust.works 2 points 19 hours ago

The reason governments use windows is because Microsoft paid to have the various certifications done that are required by regulators. That's why when they do use Linux they end up using something like RHEL (the support contracts factor in too)

[–] supernicepojo@lemmy.world 8 points 1 day ago

Sure, why not, any internet connected device is inherently unsafe.