Date: 04/05/2014

Subject: Fwd: Vulnerabilities of paperless EVMs

Date: 4 May 2014 17:53:20 GMT+01:00

To: undisclosed-recipients:;

Vulnerabilities of paperless EVMs:

Contrary to claims by Indian election authorities, these paperless EVMs suffer from significant vulnerabilities.

1. EVM Software Isn’t Safe

The electronic voting machines are safe and secure only if the source code used in the EVMs is genuine. Shockingly, the EVM manufacturers, the Bharat Electronics Limited (BEL) and Electronics Corporation of India (ECIL) have shared the ‘top secret’ EVM software programme with two foreign companies, Microchip (USA) and Renesas (Japan) to copy it onto microcontrollers used in EVMs. This process could have been done securely in-house by the Indian manufacturers. Worse, when the foreign companies deliver microcontrollers fused with software code to the EVM manufacturers, the EVM manufacturers cannot “read back” their contents as they are either OTP-ROM or masked chips. Amusingly, the software given to foreign companies is not even made available with the Election Commission, ostensibly for security reasons. With such ridiculous decisions, the Election Commission and the public sector manufacturers have rendered security of the EVMs a mockery. (GVL Narasimha Rao-

2. EVM hardware isn’t Safe

The danger for EVM manipulations is not just from its software. Even the hardware isn’t safe. Dr. Alex Halderman, professor of computer science in the University of Michigan says, “EVMs used in the West require software attacks as they are sophisticated voting machines and their hardware cannot be replaced cheaply. In contrast, the Indian EVMs can easily be replaced either in part or as wholesale units.” One crucial part that can be faked is microcontrollers used in the EVMs in which the software is copied. EVM manufacturers have greatly facilitated fraud by using generic microcontrollers rather than more secure ASIC or FPGA microcontrollers. Not just only microcontrollers, mother boards (cards which contain microcontrollers) and entire EVMs can be replaced. Neither the Election Commission nor the manufacturers have undertaken any hardware or software audit till date. As a result, such manipulation attempts would go undetected. To detect such fraud, the upgraded EVMs have a provision to interface with an Authentication Unit that would allow the manufacturers to verify whether the EVM being used in the election is the same that they have supplied to the Election Commission.

3. Vulnerability to hacking:

The Indian EVMs can be hacked both before and after elections to alter election results. Apart from manipulating the EVM software and replacing many hardware parts discussed above, Indian EVMs can be hacked in many ways. Two possibilities may be mentioned:-

Each EVM contains two EEPROMs inside the Control Unit in which the voting data is stored. They are completely unsecured and the data inside EEPROMs can be manipulated from an external source. It is very easy to read (data from) the EEPROMs and manipulate them (GVL Narasimha Rao-

The second and the most deadly way to hack Indian EVMs is by inserting a chip with Trojan inside the display section of the Control unit. This requires access to the EVM for just two minutes and these replacement units can be made for a few hundred rupees. Bypassing completely all inbuilt securities, this chip would manipulate the results and give out “fixed” results on the EVM screen. The Election Commission is completely oblivious to such possibilities. (

There are allegations that some “insiders” demanding vast sums (Rs. 5 Crore or more for each assembly constituency) to fix election results. Who are these insiders? Unlike in the traditional ballot system where only the election officials were the “insiders”, electronic voting machine regime has spawned a long chain of insiders, all of whom are outside the ambit and control of the Election Commission of India. There is every possibility that some of these “insiders” are involved in murky activities in fixing elections. The “insiders” include the public sector manufacturers of India’s electronic voting machines namely, the Bharat Electronics Limited (BEL) and Electronics Corporation of India (ECIL), the foreign companies supplying microcontrollers, private players (some of which are allegedly owned by some political leaders) for carrying out checking and maintenance of electronic voting machines during elections.(

A team of researchers showed precisely how a display component could be replaced with a fake substitute programmed to steal a percentage of the votes in favour of a chosen candidate. They also demonstrated how stored votes could be changed between the election and the public counting session, which in India, can be weeks later, with a pocket-sized device. The team, comprising Hyderabad-based NetIndia, Dr J Alex Halderman, professor & noted expert on electronic voting security from the University of Michigan and Holland-based security expert Rop Gonggrijp, was instrumental in the ban on EVMs in the Netherlands.

4. Which candidate to favour -Once the dishonest display is installed in an EVM (possibly months or years before the election), the attacker must communicate which candidate is to be favoured or disfavoured and by what margin. There are many different ways that attackers could send such a signal—various kinds of radios, secret combinations of key presses, or even by using the number of candidates on the ballot.

5. Stealing of Votes To steal votes, the attacker indicates his favoured candidate using the rotary switch, which selects a number from 0–9, and the attacker can use it to pick a favoured candidate in any of the first 9 ballot positions, which normally include the major national parties. When the switch is set to positions 1-9, the chip on the clip-on device executes a vote-stealing programme. The programme runs in two passes: first, it reads the list of votes and calculates how many votes to steal from each candidate, and second, it rewrites the list of votes, stealing votes as calculated in the first phase. Any time between the start of polling and the public count, dishonest election insiders or other criminals could use the clip-on device to change the votes recorded in the EVM. In India, counting sometimes takes place weeks after voting, so criminals could wait for an opportunity to tamper with the machines while they are in storage. In normal operation, the EVM limits the rate of voting to no more than 5 per minute. However, Clip-on device bypasses the software restrictions of the EVM, so an attacker is able to again forcibly take control of an EVM and stuff the electronic “ballot box” with any number of votes. These attacks are neither complicated nor difficult to perform, but they would be hard to detect or defend against.

6. Dishonest insiders or other criminals with physical access to the machines at any time before ballots are counted can insert malicious hardware that can steal votes for the lifetime of the machines. Attackers with physical access between voting and counting can arbitrarily change vote totals and can learn which candidate each voter selected.