A VOTE FOR EVM ... how such systems are safe from hackers
In the minds of digital citizens, the image of the hacker is one of fear: the belief that it is impossible to prevent a hacker from breaking into systems. This opinion forms because credentials (user ID and password) are the basis for getting access to personal accounts and systems, so the belief is that anyone who gets hold of the credentials can do anything. It is true that hackers have proven that they not only keep pace with software developments but are even a few steps ahead. The recent ransomware attack was a demonstration of how destructive hackers can get.
But such attacks do need some program to be installed by stealth on the target system. This needs the system to be connected to the network and accessible through the internet. It needs a TCP/IP connection; nothing else (such as a serial bus) can work. While USB could be used to stealthily trigger installation of a malware program, the target system does need to be connected to a standard network for the hacker to collect information from the trojan malware running on it. In a ransomware attack specifically, the malware can make the files inaccessible in one shot by encrypting them with a secret key. But network connectivity is needed to convey the secret key for decryption. A standalone system cannot get access to the decryption key, which the hacker makes available only after payment of the ransom.
A typical malware attack on any system requires installation of a trojan server program, and hackers use tools to get this job done. Even before installing and running the malware program, the hacker needs to figure out a means of getting into the target system. An open port is one such means, and tools are available to the hacker that can scan the network and systems for open ports. The hacker can then configure the open port details in the intruding malware program. Malware installation can also happen through email attachments, images, and downloads from compromised web sites. Hackers are also nowadays successful with social engineering methods, where they talk through, cajole and convince the victim to install malicious trojan software.
The extent of damage that the hacker can cause depends on how he has built the malware (or on the features of a ready-made malware that the hacker has downloaded). Fraudulent actions like taking screenshots, turning on webcams, getting a memory dump, capturing keystrokes, locking the screen, changing the password and transferring the stolen information to the hacker’s machine can typically be accomplished by the intruding malware.
Interestingly (or rather shockingly), there have been reported instances of a form of “hardware hacking”, in which intruders with fraudulent intent introduce a custom-created chip that is pre-programmed to conduct malicious acts. It is hard to imagine, though, how a multilayer board can just be disrupted and a new chip introduced without any access to the board schematics, layout and track details (available in what is called the “Gerber format file”). This is possible only if the intruder is part of the design team and has stealthily provisioned a slot for the malicious chip. But with layers of security checks, it is difficult to believe that such tricks can be pulled off easily.
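The open-port entry point described above has a defender-side counterpart: listing what a Linux host is actually listening on and flagging anything that is not expected. This is an added example, not part of the original article; the sample table, the allowlist of port 22 and the function names are assumptions, and a little-endian host is assumed when decoding addresses.

```python
import ipaddress
import socket
import struct

# Constructed sample in the layout of Linux /proc/net/tcp (not from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1
   2: 0A00A8C0:0D3D 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 20003 1
   3: 0A00A8C0:0016 0500A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 20004 1
"""
TCP_LISTEN = 0x0A  # kernel TCP state code for a listening socket


def decode_endpoint(field):
    """'HEXADDR:HEXPORT' -> (dotted IPv4, port); little-endian host assumed."""
    addr_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(table_text):
    """Return every socket in LISTEN state, marking those bound off-loopback."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_LISTEN:
            continue  # malformed row, or an established/closing connection
        ip, port = decode_endpoint(cols[1])
        exposed = not ipaddress.ip_address(ip).is_loopback
        found.append({"ip": ip, "port": port, "uid": int(cols[7]),
                      "inode": int(cols[9]), "exposed": exposed})
    return found


def unexpected_listeners(table_text, allowed_ports):
    """Listeners reachable from the network whose port is not on the allowlist."""
    return [s for s in listening_sockets(table_text)
            if s["exposed"] and s["port"] not in allowed_ports]


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:  # live table on a Linux host
            table = fh.read()
    except OSError:
        table = SAMPLE
    for s in unexpected_listeners(table, allowed_ports={22}):
        print(f"review: {s['ip']}:{s['port']} uid={s['uid']} inode={s['inode']}")
```

The inode column lets an administrator match a flagged listener to the owning process through the socket links under `/proc/<pid>/fd`.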
To be amenable to hacking, the target system fundamentally needs to be running one of the popular operating systems. A malware program is designed to work on a specific OS, as is the case with any software application. There are systems that do not run any OS and instead have minimal software, referred to as the “monitor software”, whose job is just to initialize the CPU and the peripheral chips that perform specific functions like ferrying information to connected hardware devices, displays, keyboards etc. Often the monitor software is not built separately from the main application software but exists with it as one contiguous program. The stored data is entirely controlled by the program and is written directly to memory locations instead of through abstracted APIs and databases. Unless one has access to the source code, it is not possible to figure out even where critical data is stored, let alone manipulate it.
Typically, embedded systems these days allow external communication through serial ports, USB, Bluetooth or WiFi. But critical systems that are meant to be self-contained and secure can be built without any external interface, ruling out any chance of malware getting installed. With no access into the system, and with no knowledge of where exactly data is stored, there is no scope for any manipulation. In critical systems, the software itself is fused into “one time write” memory built into the CPU. It is not possible to change the program fused into the processor chip. It is in any case not possible to write a malware program or manipulate the existing program without access to the low-level software, which is impossible in systems built with security in mind.
Further, the absence of an OS or any external software components (especially open source ones) significantly reduces the chances of a malicious program making its way stealthily into the build. Many of the earlier embedded systems had handwritten code in machine language that was burnt directly into EPROMs. Developers would write the source code in assembly language and then look up the manuals for the machine code equivalents. These systems were very secure in the sense that nobody who got access to the EPROM could reverse engineer it to figure out the functionality of the software. Later on, very basic integrated development environment (IDE) tools allowed programs to be written in the C language with debugging features.
With time, processors got more powerful, with ever-increasing clock speeds (now running into GHz), multiple cores, integrated functions, and memory support. This enabled the introduction of Real Time Operating Systems (RTOS) that could respond to inputs in real time. Over time, the line between open-systems operating systems and embedded ones has blurred, mainly because of the ever-increasing capability of the processors. Only very critical, response-sensitive equipment today functions on real time operating systems. Others make do with embedded Linux or Android versions.
However, even if a developer with malicious intent wants to sabotage an embedded system by stealthily introducing code that allows the contents of memory to be manipulated, the effort would be useless if the system has no external interface as a medium to ferry information. The Electronic Voting Machine (EVM) is one such secure system, as is evident from the details available on the Election Commission of India website. It has no serial port, no ethernet port, no WiFi, no USB, and no Bluetooth. It is impossible for any intruder to hack into the EVM system. Neither can the display be tampered with, as it is controlled by software on the processor. Further, there are protection measures to prevent physical intrusion and potential physical damage.
However, while technology can be made foolproof, it is no guard against human deceit. This article tries to demystify technology hacking myths around systems like the EVM but doesn’t delve into physical security issues, which belong to a different domain. Systems can have specific features to guard against attempts to break them open, but that belongs to the domain of physical security and is outside the scope of this electronics-focused article. Paranoid minds can still entertain fears of security breaches that are mostly imaginary and beyond the realm of physical possibility. Imaginations can run wild, and it is difficult to argue against thoughts that border on defying physical logic.
The intense debate on the EVM doesn’t automatically mean that the alternative (paper ballot boxes) was safe. Also, with the EVM subjected to so much scrutiny, online voting as a concept looks far, far and farther away ...