USB Drives to Move Election Malware

From “Can Georgia’s electronic voting machines be trusted?“:

Though voting machines aren’t directly connected to the internet, witnesses testified last week that USB drives are used to transfer election data from internet-connected computers to election servers.

So, computers that are connected to the Internet are used to move data to the election servers. Malware can be used to reach those computers. The theory here is the election servers by not being on the Internet are more secure because they are “air-gapped.” However, Stuxnet eight years ago taught us: Not as much as once thought.

Stuxnet was never intended to spread beyond the Iranian nuclear facility at Natanz. The facility was air-gapped and not connected to the internet. That meant that it had to be infected via USB sticks transported inside by intelligence agents or unwilling dupes, but also meant the infection should have been easy to contain.

USB drives are the prime vector to contaminate air-gapped computers. It sounds like the election officials are aware because they added this claim to the article:

Election officials say security precautions protect voting machines from tampering. For example, a USB drive is reformatted every time before it’s plugged into an election server.

I find it unlikely they download data onto a USB drive, delete that data by formatting the USB drive, and only then insert the blank USB drive into an election server. It would be easier just to not use a USB drive at all. They probably mean they format the USB drive while it is in the potentially infected Internet-connected computer, which would not prevent malware from inserting itself onto the USB drive at the time the GEMs data is copied onto the USB drive.

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: