IT (over three decades). You are Flat Out Wrong about “unless you have physical access” and you should know once you get into a system via the internet, you can control it. That means “manipulate and/or delete data”. This is not brain surgery - it’s SOP. I hope you just misunderstood the context, because otherwise ....
Access to the information system exactly how? It doesn’t matter if you can see the traffic flowing across the network if the traffic is encrypted at the application/session layer. You have no access to it. It doesn’t matter if your network access to the voting machine means that the voting machine refuses to accept admin connections from your IP address. Access control of management ports is STANDARD practice.
Please describe EXACTLY how you intend to gain access to a voting machine over the Internet that refuses to answer from your source IP address.
The attack surface is anything on the win10 based machine. If you get privileged access via any number of exploits, the sky is the limit, you can do anything.... read memory directly... write to it... whatever you want. A lot of places had machines with admin interfaces using default passwords too, although I don’t know for sure about this exact case. Either way it’s ridiculous if you really believe there is no way to gain control just because a network channel might be encrypted.
Again, I’m simply saying that the premise of the OP’s assertion, that open access to Wi-Fi by the voting system = compromise of the voting system, is just wrong.
Networking is built in layers. Just because the network is wide open and not encrypting traffic does not mean that the voting applications are wide open and not encrypting traffic. If I were building a voting application, I would assume the network is untrusted because I don’t control the networks they run on. I would encrypt everything at the application level and control access at the application level. I would limit administrative access only from a select number of trusted sources, if at all. Given the distributed nature of voting machines, I would rely upon an agent on the voting machines checking in with command and control (easy to do because of the way network address translation for IPv4 works) in order to receive orders rather than trying to figure out how to initiate contact access to voting machines that are very likely behind port translation (due to the use of IPv4).
Stuff gets compromised all the time. That is not my assertion. My assertion is that one cannot assume that the voting system is compromised simply because of how it connects to Wi-Fi. The OP’s premise is just wrong. Read the title of OP’s post.
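The design sketched in the post above (untrusted network, protection at the application level, an agent that checks in outbound to receive orders), as an added example that is not part of the original thread. It uses HMAC-SHA256 from the Python standard library for authentication and replay protection only, not encryption; the names `sign_order`, `Agent` and `DEMO_KEY` are hypothetical. It covers messages in transit and says nothing about a machine that is itself compromised, which is the objection the replies raise.

```python
import hashlib
import hmac
import json

# Constructed demo key; a real deployment would provision a per-machine secret.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"


def sign_order(key: bytes, agent_id: str, counter: int, order: dict) -> dict:
    """Controller side: wrap an order for one agent with an HMAC-SHA256 tag."""
    body = json.dumps(
        {"agent": agent_id, "counter": counter, "order": order},
        sort_keys=True, separators=(",", ":"),
    )
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Agent:
    """Agent side: polls outbound and accepts only fresh, authentic orders."""

    def __init__(self, agent_id: str, key: bytes):
        self.agent_id = agent_id
        self.key = key
        self.last_counter = 0  # highest counter accepted so far

    def accept(self, envelope: dict):
        """Return the order dict if the envelope is valid, else None."""
        try:
            body, tag = envelope["body"], envelope["tag"]
            expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
            # Constant-time comparison: no timing hint about the correct tag.
            if not hmac.compare_digest(expected, tag):
                return None  # altered in transit or signed with another key
            msg = json.loads(body)
            if msg["agent"] != self.agent_id:
                return None  # order addressed to a different machine
            if msg["counter"] <= self.last_counter:
                return None  # replay of an order already seen
            self.last_counter = msg["counter"]
            return msg["order"]
        except (KeyError, TypeError, ValueError, AttributeError):
            return None  # malformed envelope from the untrusted network
```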
Why do they keep lying and saying they were not online and so on, then? These machines are horrible and many people have demonstrated many gaping security flaws that anyone with a user manual could exploit, so the fact that they were on an unsecured network is not at all a good sign and absolutely opens the door to all sorts of nefarious activities. Not sure about MI but in many states it is illegal for them to be on WiFi, period.
If I were building a voting application, I would assume the network is untrusted because I don’t control the networks they run on. I would encrypt everything at the application level and control access at the application level.
1st - you assume there is app encryption. Are you sure? No proof it isn't, no proof it is.
2nd: being real killing blow to your bullshit - communication from is not important if you can compromise the source machine. Without a well configured firewall or so, connection to wifi means not only output out, but also input in, you dumb.
Even Linux has exploits, and Windows... Windows is one big bug. If you can compromise voting machines you don't even need to compromise the application. Viruses changing bank account numbers when people are using internet banking are quite popular. You infect voting machines and game over. The app doesn't need to have even a single bit changed, its communication too.
You simply don't need to change things going from the application, everyone is trying to explain it to you.
Access to the information system exactly how?
For example mstsc.exe - by default it is said to be disabled, but once computers are, for example, serviced online, it could be enabled. And I would suspect it is enabled on voting machines.
https://www.welivesecurity.com/2013/09/16/remote-desktop-rdp-hacking-101-i-can-see-your-desktop-from-here/
https://www.beyondtrust.com/blog/entry/how-attackers-exploit-remote-desktop-6-ways-to-step-up-your-cyber-defense
https://blog.netop.com/how-to-protect-against-rdp-hack
Also: router settings, or infesting the router, which allows for example redirecting movement. Once you are in the network you can try to attack the router.
"actual IT guy here"
After reading that I'm not so sure.