Voting Village - Secure the Vote
This is a modal window.
Das Video konnte nicht geladen werden, da entweder ein Server- oder Netzwerkfehler auftrat oder das Format nicht unterstützt wird.
Formale Metadaten
| Titel |
| |
| Untertitel |
| |
| Serientitel | ||
| Anzahl der Teile | ||
| Autor | ||
| Lizenz | CC-Namensnennung 3.0 Unported: Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen. | |
| Identifikatoren | 10.5446/50768 (DOI) | |
| Herausgeber | ||
| Erscheinungsjahr | ||
| Sprache |
Inhaltliche Metadaten
| Fachgebiet | ||
| Genre | ||
| Abstract |
|
00:00
Abstimmung <Frequenz>HackerIRIS-TDatensatzTopologieCoxeter-GruppeAbstimmung <Frequenz>
00:16
Abstimmung <Frequenz>GruppenoperationComputersicherheitStellenringDialektEinsCoxeter-GruppeFokalpunktTouchscreenDienst <Informatik>RechenwerkChirurgie <Mathematik>GruppenoperationMinkowski-MetrikProjektive EbeneAdditionCybersexComputersicherheitComputeranimation
01:14
Abstimmung <Frequenz>ComputersicherheitProgrammGeradeAbstimmung <Frequenz>FlächeninhaltUniformer RaumRPCStrömungsrichtungDienst <Informatik>SystemaufrufInstantiierungBildschirmfensterDiagrammComputeranimation
01:46
AggregatzustandE-MailAbstimmung <Frequenz>Strom <Mathematik>ImplementierungDatentransferTypentheorieMobiles InternetStatistikOffice-PaketTelekommunikationSoftwarePufferspeicherKeller <Informatik>Syntaktische AnalyseParserPufferüberlaufVektorpotenzialAnalysisComputersicherheitRechnernetzWorkstation <Musikinstrument>Einfach zusammenhängender RaumInformationAutorisierungKonsistenz <Informatik>ServerHochdruckGebäude <Mathematik>Patch <Software>AuthentifikationMultiplikationTeilbarkeitMengentheoretische TopologieKrümmungsmaßStandardabweichungChiffrierungTypentheorieNational Institute of Standards and TechnologyGamecontrollerComputersicherheitMAPMobiles InternetQuick-SortGüte der AnpassungAbstimmung <Frequenz>IntegralCASE <Informatik>TopologieSoftwareGleitendes MittelPortal <Internet>PunktHochdruckMultiplikationsoperatorImplementierungURLCoxeter-GruppeStandardabweichungRechter WinkelPatch <Software>Ganze FunktionRechenschieberSoftwareschwachstelleÄußere Algebra eines ModulsStrahlensätzeDifferenteAggregatzustandDatentransferInformationChiffrierungGrenzschichtablösungDreiMailboxPufferüberlaufE-MailOffice-PaketAuthentifikationPhysikalisches SystemRegistrierung <Bildverarbeitung>Weg <Topologie>Virtuelle MaschinePuffer <Netzplantechnik>ParserKrümmungsmaßEinsHackerMereologieOpen SourceDateiformatVierzigDatensatzMailing-ListeProzess <Informatik>Formation <Mathematik>ResultanteEinfügungsdämpfungServerBildgebendes VerfahrenEntscheidungstheorieDesign by ContractDialektEinfacher RingWorkstation <Musikinstrument>RelativitätstheorieZahlenbereichLie-GruppeFlächeninhaltGeradeGruppenoperationRuhmasseResiduumGemeinsamer SpeicherZeitrichtungEnergiedichteMathematikFastringDivergente ReiheOrdnung <Mathematik>SummengleichungFehlermeldungComputeranimation
09:00
DatentransferKonsistenz <Informatik>InformationStandardabweichungChiffrierungVirtuelle MaschineAdvanced Encryption StandardImplementierungKonfiguration <Informatik>Protokoll <Datenverarbeitungssystem>RechnernetzKondition <Mathematik>ComputersicherheitAnalysisAggregatzustandMaßerweiterungSoftwareschwachstelleExploitKontrollstrukturAbstimmung <Frequenz>ServerMultiplikationAuthentifikationTeilbarkeitMengentheoretische TopologieWorkstation <Musikinstrument>EliminationsverfahrenPunktPatch <Software>AggregatzustandRichtungVektorpotenzialStandardabweichungInternetworkingVirtuelle MaschineComputersicherheitSoftwareMultiplikationAbstimmung <Frequenz>ImplementierungChiffrierungQuick-SortDatensatzBitPhysikalismusWurzel <Mathematik>IntegralPunktDefaultZahlenbereichFlächentheoriePhysikalisches SystemDatentransferTrennschärfe <Statistik>Dienst <Informatik>TopologieTermDifferenteSoftwareschwachstelleMAPBenutzerbeteiligungOrtsoperatorURLEchtzeitsystemProtokoll <Datenverarbeitungssystem>HochdruckOffice-PaketService providerCASE <Informatik>Registrierung <Bildverarbeitung>AnalysisTropfenSchlussregelRoutingEntscheidungstheorieMultiplikationsoperatorMetropolitan area networkProzess <Informatik>MittelwertResultanteEinsARM <Computerarchitektur>SchießverfahrenRationale ZahlTrägheitsmomentFehlermeldungBitrateVersionsverwaltungPlateau-ProblemAutonomes SystemBenutzerfreundlichkeitSummengleichungMessage-PassingFamilie <Mathematik>Computeranimation
16:14
Virtuelle MaschinePunktComputersicherheitComputeranimation
Transkript: English(automatisch erzeugt)
00:00
Hi, Voting Village. My name is Forrest Senti. I'm the Director of Business and Government Affairs at the National Cybersecurity Center. I'm Caleb Gardner. I'm a fellow at the National Cybersecurity Center in Sacramento. And we're going to be presenting you our Hack-a-Facts presentation today. For a little background to start, National Cybersecurity Center is a 501c3 centered in Colorado Springs.
00:21
A lot of our focus has to do with cyber innovation awareness, and a lot of our projects have to do with tackle global problems, whether it comes in smart cities, elections, space. Some of our colleagues in the space ISAC are presenting today in the Airspace Village. We want to give them a good congratulations and a shout out over there. But the big reason why we're here today, ultimately, is that we want to talk about the gap, the security gap.
00:44
And specifically, it has to do with policy, in addition to different agencies and groups. A lot of people ask, why NCC? Why not? Why do we care about some of these issues? And the reality is that between the different groups that exist in the United States that are multi-agency, multi-party, multi-policy, you know, depending on where you come from,
01:00
whether it's the Elections Security ISAC, groups like Verified Voting, MIT, even places like EIC, CIS, all serve a specific segment. But our focus is on identifying gaps in critical infrastructure. And the presentation you're going to hear from us today is going to be talking about that gap. One gap we've identified specifically has to do with the population affecting the overseas voter, or UOCAVA.
01:25
This is specific to the Uniformed and Overseas Citizens Absentee Voting Act. Many of you here at the Voting Village, it's going to be no secret surprise to you. You know what this means. You know how many people and, you know, kind of the different challenges these people face, whether they're voting from Afghanistan or Italy, or even from a remote jungle, Amazon.
01:43
So a lot of what we're focused on today is on this area. So one of the pieces I want to call out is specific to fax machines, like we mentioned early on. Under the current implementation of the Move Act that was established in 2009, 31 states currently allow for ballot return via email and fax. This means that these 31 states have to provide a place for these people that are
02:05
voting from overseas to provide a place for them to send their ballot via fax or email. So knowing this information, and us seeing this different research that was coming out, we wanted to do a quick breakdown and see how many ballots were actually transmitted back in 2018.
02:20
According to the EAC, roughly 29,000 ballots were sent. Now, this was under the category of others. So some of these in there could be mobile voting like from West Virginia or a web portal like in Colorado, Montana, Arizona, or Michigan. But 29,000 ballots, although not statistically significant to the rest of the United States, still represents a population that is voting using this method.
02:42
And this shows that election offices are still allowing for this method and pushing for it even in some cases. Although it has been on a decline, it's important to note that security is still paramount for every single vote that comes out. So now I'll hand it over to Caleb. He's going to talk a little more about the research that we did specific to fax machines in election jurisdictions and kind of give you a little more of the issue as well.
03:03
Thanks, Forrest. So first off, we're going to reference you guys back to some presentations that probably made an impression on you when you first saw them. They are specifically focused on fax and printer faxes. So first off, in DEFCON 26, we saw a lot of fax from Check Point Research, and that was a big sticking point for me, and we came back to that a lot as we went to do our own research and talk to other counties and cities.
03:25
So we'll move to the next slide. And what Check Point Research really showed us was that it was impossible to exploit a printer fax just with a publicly available fax number. No city or county that I looked for, their fax number was not available. Every single time I could find it for their
03:42
city quick or their county quick, which is where you'd be submitting your vote for if you were one of these UOCAVA voters. So using that phone number, Check Point Research was able to hack printer fax, and actually they were also able to get to the network behind that printer fax if it was on a flat network topology with no segmentation. So we'll talk about how they did that really fast.
04:02
In the T30 protocol, we have access to both the data and the headers, and this enabled us to have full control over the JPEG file, so that's why we use JPEG over any other file type. And over the PSTN networks, the publicly switched telephone network, we are able to get to that printer fax and use the proprietary JPEG parser.
04:22
They specifically looked at HP, but this is probably going to be the case for any of the big solutions, if that's Xerox, if that's HP, if that's someone else. They're probably implementing their own JPEG parser rather than using some sort of open source publicly known security parser. So since they did that themselves, they found a lot of CVEs in there. They found a buffer overflow with parts from DHT markers.
04:43
And with that, they had a controllable stack-based overflow. They could do anything with it, and they were able to get a great exploit, which they put on, it turned out to go up to the rest of the network. And so it was a really great demonstration, and that's why it's like this. What could you do with this? A lot, practically everything. You have confidential attacks, integrity attacks, and availability attacks. You have a full CIA triad.
05:05
You're seeing voter registration info, particularly if you're getting through to the network behind these printer faxes. You're seeing ballots, hopefully not, but potentially, and you were able to maybe change those ballots. We, that's one of the things that we're going to look at in the future, is if we can get into one
05:21
of these printer faxes, can we get to those ballots, or can we get the incoming ballots and change them before they're stored? And also you have availability attacks. You're potentially able to bring down an entire city or county's infrastructure for receiving votes for that election, which would make a recount necessary, which would make a lot of bad things happen. Obviously, we don't want to be seen. So we're going to research. We did
05:42
some confidential research with different cities and counties, and we have to keep that confidential. We're under NDA, but we can generalize. We can say what are the rough takeaways we're seeing from two main different types of cities. First off, we have City A. This is your medium to large size city. They probably have good infrastructure investment in IT.
06:00
They're probably able to actually hire talented IT professionals who are security conscious, and they're able to enforce strict adherence to best practices in regards to security. These are all great things, and you're probably going to see a pretty secure off -the-bat printer fax implementation we did when we were looking at these types of cities. City B, however, is the city that we talk about pretty much every time DEF CON rolls around with voting bills.
06:23
They're the ones who are still running the DREs that we have shown vulnerabilities in every year. You know, it's obviously a broken system that they're still implementing, but they're not going to spend the money to fix it. They're not going to spend any money to become security conscious. So probably a really poor mismanaged IT department, and they probably don't have good patching policies or security posture.
06:45
So looking at City A in more in-depth, the things that they have that makes them stand apart from other cities is that they have usually segmented networks. This keeps their printer fax separate from their data servers, it keeps them separate from their employee workstations, and it's even segmented on a very in-depth level.
07:01
So every fire station and police station, those three things, the data servers, the workstations, and the print servers, would all be different things in every single location. So it's an extremely segmented network that keeps you from getting to a lot of access through that one printer fax. So basically, City A knows that printer fax is a potential point of intrusion. They probably have good patching policies for the printers, hopefully they have multi-factor in general, and also
07:23
for the printer fax servers, and they're probably using fax over IP over PSTN fax, T38 over T30. City B, however, doesn't have any of these things practically. At a flat network topology, you exploit the printer fax, you exploit the network. And they have bad patching, bad multi-factor authentication and implementation, and bad security posture.
07:43
So if you're a City B, you're thinking, well, does this apply to me? You know, how can I know? Well, our high-level attack overview is specifically geared towards what Check Point Research did, and showing that specifically it's HP OfficeJet Pro 6830 online printer.
08:01
However, it wasn't the printer that had the vulnerability, it was HP's implementation of the JPEG parser, if you remember. So HP released a security bulletin in July 2018, talking about this, providing patches. However, maybe not all of City B saw that. Maybe they didn't apply that patch, maybe they didn't even think they applied that patch, or they're not even keeping in track with their bottle recycle machine.
08:23
Yeah, these sorts of things are not important to lots of cities, and they're not going to look at security patches when they're available for them. So I would recommend, if you're a City B, looking to see if you have an HP printer. Did you buy it after 2018, before 2018? Did you apply a patch if you bought it before 2018? And if you didn't, and you're using Kistian, you're probably susceptible to this attack right now.
08:45
NIST has some things to say about it as well. NIST says that there is no widely used standard for fax encryption. Thus, information sent by fax is at risk for the possible interception or modification. Jurisdictions should carefully weigh the risks of fax transmission over other alternatives. So this is a big deal, and I think this is one of the biggest vulnerabilities that we're seeing in fax.
09:05
And the thing that we'd like to see change the most in the future is the unencryption of it. And we would like to see a default encryption method used on fax in the future. T38 making encryption standard rather than optional would probably be a great step in that direction. They also stress the secure location of fax machines, because often with T30,
09:24
voting records or registration might be actually still stored on that machine as it comes through, unbeknownst to the user. So physical access would allow access to all those PII. T38 and T30, we'll go over that really quickly if we haven't gone enough over it already.
09:40
So PSTN, that's going to be T30. That's going to be unencrypted, and it's not real time. T38 is the future that we're currently living in, but we also need to see the future as far as encryption implementations. So we saw BabyTelle as a company, and they have an AES implementation that's very useful for companies that are regulated, and that are mandated to use potentially unsecure networks along the way towards the delivery to the user.
10:04
However, this AES implementation by BabyTelle is ensuring that you will have encrypted transport all the way across. So more stuff like that is what we need to see on a default level in the industry, and we're not seeing right now, which is why we're talking about it and getting that on the record.
10:21
So, fax security versus public perception. The big issue we kind of faced in pushback from different cities and counties was that they say they only made the last fax ballot they received was 2012, and that's eight years ago. So they don't think about it at all. It doesn't cross their minds. And since they don't see it on a daily basis, they ask themselves, why do we need to secure this? It doesn't seem like a security risk. But the point is, is that zero ballots need to be cashed for it to be a security risk.
10:46
The fact of the matter is that having your publicly available city or county clerk number online, and knowing, and religious actors knowing that that's the phone number they need to have access to, if they need to own that printer, or print a fax, that's all they need. And if you are not patched, if you're on a potentially vulnerable solution, that's it.
11:03
You're done, that print a fax is done, you're potentially putting yourself up for integrity tax, at the very least, confidentiality and availability if you have bad network topology solutions. So we faced a lot of pushback, but we definitely need to acknowledge that that's the issue, is the root of matter is having a publicly available phone number.
11:21
So let's talk about the security gap analysis as we move towards a future state. Well, like we talked about, we want to see encryption. We want to maybe even see fax no longer being a needed method for transmission. But the reality is that many industries still rely on fax. Medical is 70% of all medical transmissions. But maybe elections doesn't have to be one of those industries where fax is reality.
11:44
So what are we going to do in the future as we continue to work on this with Secure the Vote? Well, we want to reconstruct the fax plate, but we also want to demonstrate it with the T38 fax protocol and fax over IP. Because a lot of what we're seeing from cities and counties, well, we do do fax sometimes, but it's all electronically.
12:00
And sometimes for the city B or county B scenarios, IP just means security to them. Over the Internet it means security. Maybe they have some sort of bias against phone lines, but not IP when that's not the case. And so we need to demonstrate that exploit to various election officials around the country and show fax is insecure and it can be changed,
12:20
and we need to make sure that this is a secure place to secure our votes and to secure our democracy. So we're going to continue to raise awareness about fax insecurity. So why now? Well, for one thing, COVID-19 has made this a very interesting age and potentially could drop voter turnout as people cannot come out to physical voting locations.
12:40
And maybe jurisdictions will look to things traditionally offered at Oklahoma and offering that to the general public. So fax, the Web portals, the mobile voting. And we need to be very conscious when we look at adding fax to the general public, because that is adding a huge attack surface. And that's adding many, you know, the millions more votes that could potentially be
13:01
cast by fax, even though we probably won't see millions of votes cast by fax. The potential is the point. And that potential millions of votes that could be changed or maliciously attacked is very juicy target for nation states. Maybe they're looking to influence it. So we need to keep that in mind as we potentially add faxing for more people.
13:22
So if it does get added, we need to look at it very security minded and as an emergency ballot return method, not as something that everybody should think about doing over anything else. Election officers should probably secure, perform security audits on their fax machines to make sure, you know, potentially if you were exactly what we've been talking about, that you bought it after 2018 and it has a security patch applied, all that good stuff.
13:44
Because if it's not, that's the first step of aggressive towards fixing this situation. So short term recommendations. If you were a position of power, you need to talk to your IT department about these things that we've been talking about. Specifically, you have security posture like multi factor. You have that already strong across your IT department and you have that for your printer fax service.
14:03
You have a segmented network topology that will help you defend from these confidentiality and availability attacks that we've been talking about. And even the integrity attacks that will keep the current fax from exploiting the rest of your election members. And do you have a patching policy? Are you even security conscious about the network machines that you have in your office?
14:23
If you don't have these things or you don't know, I would definitely recommend talking to your IT department about this and try to secure your network by this fall. And in the further future, we need to talk about how T38 fax over IP using an encrypted solution should be the standard, the default, and what everyone is using, especially in the selections context.
14:43
The real time faxing for everyone, so we're not storing, especially unbeknownst to the users, voter records on these fax machines. And the T30 having an encryption protocol would also be great because a lot of people are still going to be stuck on legacy systems for various reasons.
15:01
And having encryption for that would be great as well. So the medical industry has actually had a little bit of a comes to or eliminating faxes. So they would do about 20, 20 for one of the main providers for fax solutions for medical companies. It hasn't happened yet. You know, it's been a crazy time, but they're definitely looking at your fax. So can we maybe eventually follow the medical industry?
15:22
It's a great question, something we're looking at in the future. So what's the point of all this? With all of 2020's craziness, laying down to the end of 2020, everything that's happened, this election is going to be of a tantamount of importance, obviously. So we cannot let this opportunity to further secure America's democracy go unspoken. That's all that we're about here at Voting Village is showing exploits, showing
15:42
vulnerabilities and saying we are not securing our democracy properly if we really care. And fax is one of those things, even though it's a few ballots, it's a few ballots and those few ballots matter. So at the same time, can we leverage you guys? Can we say, if you guys have a fax machine, if you're interested, if you want to keep following us up, how about you hack your fax machine?
16:01
Post about it with hashtag Hackafax and we'll be able to see that and we'll be able to continue looking at that and showing that to officials as we go about the country for the next few years with Secure the Vote. So that's what we have. I've been Gail Gardner. I'm Ben Forseti. And we're with the National Cybersecurity Center. And that's a Hackafax.
16:20
Cool. Thanks, guys.