Everything you need to know about EVMs, can they be hacked?

Author: Hammad Abbasi

The Ministry of Science and Technology has announced the Rs 1 million award for hacking the EVM – Electronic Voting Machine. On the other hand, the ECP has produced 37 objections against the use of EVMs in general elections. It seems that the tug of war between the Government and the Election Commission would continue for some time before any consensus is reached. The opposition and ECP are on the same page when it comes to protecting the sanctity of traditional paper balloting – regardless of how error-prone and controversial the existing system is.

However, no one seems to be in a mood to appreciate the efforts that have been put in, and instead of evaluating it from a technical standpoint, questions are being asked that are based on mere assumptions.

So here’s the million rupee question – Can the EVMs be hacked?

The answer is Yes and No.

Here’s the detailed explanation – The Pakistani prototype for the EVM seems very similar to the Indian version which works in a similar fashion. It has two units joined by a cable, a control unit (operated by the polling officers), and a balloting unit (used by the voters).

The balloting unit has the labeled buttons and the voters may simply press the button corresponding to the candidate of their choice. The system is powered by a battery inside the control unit. The control unit stores the voting count and displays the result on 7 segments LED displays. EVMs use the CPU and EEPROM memory chips that store the data. The CPU has firmware etched permanently at the time of manufacturing by the manufacturer. No one (including the manufacturer) could change the firmware later. Both units operate in a ‘disconnected mode’, meaning they don’t have any wireless or wired internet components and interfaces –  Leaving any remote or software hacking out of the equation.

Modern EVMs now incorporate VVPAT (Voter Verified Paper Audit Trail) which provides a printout to every voter so they can check the symbol for the party they voted for. With this system, when a vote is cast, it is recorded in the memory of the control unit and at the same time, a barcode with vote data is printed out which is stored separately. The election commission can perform rechecking at any time to verify the authenticity of the vote cast.

The voter’s identity is kept anonymous with the help of barcodes. This fool-proof approach ensures that if ‘somehow the EVM is tampered or malfunctioned, there will still be a way to verify every vote using the VVPAT. So how EVM can be hacked? There are some possibilities but they require physical access in order to tamper with the machine state.

As the firmware can’t be reprogrammed, the attacker has very few options. For instance, attach additional hardware to the Control Unit’s circuit board or entirely substitute the look-alike circuit boards. The Additional hardware could intercept the EEPROM chips that record the voter’s data ( which is not stored cryptographically). Another option would be to use a ‘Dishonest Display’ with a hidden microcontroller to intercept the total votes and substitute fraudulent results.

The odds of someone actually going through all the troubles of evading the institutions, system checks, safeguard procedures, and security protocols to get physical access to install or replace the hardware on thousands of machines  – are minuscule. And with VVPAT all such efforts will be futile anyway.

One might argue then what about the manufacturer’s bias? If they decided to write a program that favors some candidate?  Well, with VVPAT in place that won’t work too and will be caught on the spot. However, procedures can be placed to avoid it in the first place, for instance, in India the candidate ordering (The final ballot positions) are only known a few weeks before the election – this way any malicious software in the EVM would have no means of knowing which candidate to favor. And hence, there would be no bias in the program at the time of manufacture of the chip.

Furthermore, countermeasures like fail-safe mechanisms, mock-trials, tamper-evident seales, S.O.Ps for storage and distribution can make the EVMs tamper-proof. With VVPAT, it adds an extra layer of confidence in electronic voting. Unlike traditional paper balloting, It’s cost-effective in the long run, results could be delivered in a matter of 2-3 hours and there will be no invalid votes (which usually become the deciding factor in many constituencies). No more fake paper ballots and it removes the human error or fraud in counting the results. It’s surprising to see the very institution that was supposed to bring reforms, is resisting to embrace technology and automation – which is the only way to bring about an end to the fraud and rigging during elections.

Share
Leave a Comment

Recent Posts

  • Lifestyle

The Black Crowes enjoy Grammy Awards love again decades after first nomination

The first time Chris and Rich Robinson were at the Grammy Awards, it was 1991.…

9 hours ago
  • Lifestyle

Aagha Ali wishes Hina Altaf ‘happiness’ and ‘success’

Renowned Pakistani television actor and host Aagha Ali recently opened up about his divorce from…

9 hours ago
  • Lifestyle

‘Comedy Nights with Kapil’ was the biggest mistake of my life: Naseem Vicky

Pakistan's renowned theatre actor and comedian Naseem Vicky expressed his regret in doing 'Comedy Nights…

9 hours ago
  • Lifestyle

Neha Kakkar praises Pakistani fans, wants to collaborate with Asim Azhar

Renowned Indian playback singer Neha Kakkar has expressed her admiration for Pakistani fans and voiced…

9 hours ago
  • Lifestyle

Diljit Dosanjh beats Shahrukh Khan and Allu Arjun in UK Top 50 Asian Celebrities list

Riding on the newest high of his career, with the massive success of his global…

9 hours ago
  • Lifestyle

Javed Sheikh celebrates 50 years in showbiz with friends

Javed Sheikh has been a part of the industry for five decades. He recently celebrated…

9 hours ago