You would have nothing unless you have physical access to the voting machines themselves. That is NOT what this post was declaring.
Is physical access “game over”? I agree for the most part (unless the target is encrypted, etc.). But that is NOT what this post was declaring.
I have 20 years of IT experience. Don’t claim to be an “Actual IT guy”.
Wifi Access is the same as Direct Access.
These Machines were being managed by a Win10 system certified in March 2020 using an image deployed in February. Not a single asset was updated past August 2020.
That took me 2 minutes.
Wifi access is not the same as Direct Access unless you’re claiming a vulnerability enables an attacker access that they would not otherwise have remotely.
You are talking out of your ass.
Wireless access IS direct access if you know what you're doing.
It doesn't require vulnerabilities or 0day. Do you even know what a RAT (remote admin tool) is?
A RAT and wireless access gives a remote user full control over the entire system. Attacker can even remotely take over your mouse control and act like he was physically sitting at the terminal.
This is all correct and doesn't even mention man in the middle attacks.
Voting machines don't need WiFi. They only need to count...
Connecting to a hotspot does not necessarily mean anything at all about security vulnerabilities of either system. A properly maintained system should have no issue, either for the network system itself being connected to or especially the systems connected to the internet through it.
This is a different thing entirely if what is being connected to is a local intranet network, although from what I'm reading, that's not what is being described here. Such a connection would leave you open to many more vulnerabilities, but a simple internet connection doesn't give you backend access to a device unless it's specifically set up that way.
Regardless, these machines shouldn't be connected to the internet at all, that way vulnerabilities become almost non-existent outside of some crazy CIA trojan that would phish for a specific device. They did this to disrupt nuclear reactors in Iran by destroying some Siemens devices hooked up to them, eventually an Iranian scientist hooked up to the local network with an infected laptop and it was unleashed on the broader system that wasn't connected to the internet.
I agree, an SSID implies it is talking IEEE 802.11 something something. It doesn't imply it is on anything more than a LAN tho. Still suspicious. However, doesn't say it was a ballot machine, and also all the machines in WI had paper prints that people could verify and audit. Were they in this case?
A remote admin tool gives you access to the voting information system exactly how? Is a remote admin service actually listening? Is said remote admin service (port) actually responding to your source IP address?
I’m playing devil’s advocate here. Remember, my problem with this post is that it was declared that wireless access alone was enough to compromise the voting system. That is not necessarily the case. It would be NO DIFFERENT than an open wireless system being used to provide network connectivity between your workstation and your bank. Encryption via TLS does occur and a SEPARATE authentication is necessary to the bank’s web server in order to view and make changes. Just because the Wi-Fi access is open doesn’t necessarily mean anything as far as access to the information system.
IT (over three decades). You are Flat Out Wrong about “unless you have physical access” and you should know once you get into a system via the internet, you can control it. That means “manipulate and/or delete data”. This is not brain surgery - it’s SOP. I hope you just misunderstood the context, because otherwise ....
Access to the information system exactly how? It doesn’t matter if you can see the traffic flowing across the network if the traffic is encrypted at the application/session layer. You have no access to it. It doesn’t matter if your network access to the voting machine means that the voting machine refuses to accept admin connections from your IP address. Access control of management ports is STANDARD practice.
Please describe EXACTLY how you intend to gain access to a voting machine over the Internet that refuses to answer from your source IP address.
The attack surface is anything on the Win10-based machine. If you get privileged access via any number of exploits, the sky is the limit; you can do anything.... read memory directly... write to it... whatever you want. A lot of places had machines with admin interfaces using default passwords too, although I don’t know for sure about this exact case. Either way it’s ridiculous if you really believe there is no way to gain control just because a network channel might be encrypted.
Again, I’m simply saying that the premise of the OP’s assertion, that open access to Wi-Fi by the voting system = compromise of the voting system, is just wrong.
Networking is built in layers. Just because the network is wide open and not encrypting traffic does not mean that the voting applications are wide open and not encrypting traffic. If I were building a voting application, I would assume the network is untrusted because I don’t control the networks they run on. I would encrypt everything at the application level and control access at the application level. I would limit administrative access only from a select number of trusted sources, if at all. Given the distributed nature of voting machines, I would rely upon an agent on the voting machines checking in with command and control (easy to do because of the way network address translation for IPv4 works) in order to receive orders rather than trying to figure out how to initiate contact access to voting machines that are very likely behind port translation (due to the use of IPv4).
Stuff gets compromised all the time. That is not my assertion. My assertion is that one cannot assume that the voting system is compromised simply because of how it connects to Wi-Fi. The OP’s premise is just wrong. Read the title of OP’s post.
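Added example, not written by any poster in this thread: a small audit of the two questions raised above ("is a remote admin service actually listening?" and "does it answer your source IP address?") together with the "trusted sources only" rule for administrative access. The listener table, allow rules and addresses are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Well-known ports of remote administration / file-sharing services on Windows.
MGMT_PORTS = {3389: "RDP", 5985: "WinRM-HTTP", 5986: "WinRM-HTTPS",
              445: "SMB", 5900: "VNC"}

# Constructed sample data (assumption): what a host is listening on ...
LISTENERS = [            # (bind address, TCP port)
    ("0.0.0.0", 3389),   # RDP bound to every interface
    ("127.0.0.1", 5985), # WinRM bound to loopback only
    ("0.0.0.0", 445),    # SMB bound to every interface
    ("0.0.0.0", 8443),   # application port, not a management service
]
# ... and its inbound allow rules; a port with no rule is dropped (default deny).
ALLOW_RULES = [          # (TCP port, allowed source CIDR)
    (3389, "10.20.0.0/28"),  # admin jump hosts only
    (445, "0.0.0.0/0"),      # any source: the weak setting
]

def _network_listeners():
    """Management ports bound to an address reachable from the network."""
    for bind, port in LISTENERS:
        if port in MGMT_PORTS and not ipaddress.ip_address(bind).is_loopback:
            yield port

def exposed_to(source_ip):
    """Names of management services that would answer this source address."""
    src = ipaddress.ip_address(source_ip)
    hits = []
    for port in _network_listeners():
        nets = [ipaddress.ip_network(c) for p, c in ALLOW_RULES if p == port]
        if any(src in net for net in nets):
            hits.append(MGMT_PORTS[port])
    return hits

def unrestricted_rules():
    """Management services whose allow rule is not narrowed to trusted sources."""
    flagged = []
    for port in _network_listeners():
        for p, cidr in ALLOW_RULES:
            if p == port and ipaddress.ip_network(cidr).prefixlen == 0:
                flagged.append(MGMT_PORTS[port])
    return flagged

if __name__ == "__main__":
    print("admin jump host 10.20.0.5 :", exposed_to("10.20.0.5"))
    print("other Wi-Fi client        :", exposed_to("192.168.1.50"))
    print("rules open to any source  :", unrestricted_rules())
```

With this sample data the source-restricted RDP rule holds for a host that merely shares the Wi-Fi network, while the any-source SMB rule is the finding to fix.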
"actual IT guy here"
After reading that I'm not so sure.