A remote admin tool gives you access to the voting information system exactly how? Is a remote admin service actually listening? Is said remote admin service (port) actually responding to your source IP address?
I’m playing devil’s advocate here. Remember, my problem with this post is that it was declared that wireless access alone was enough to compromise the voting system. That is not necessarily the case. It would be NO DIFFERENT than an open wireless system being used to provide network connectivity between your workstation and your bank. Encryption via TLS does occur and a SEPARATE authentication is necessary to the bank’s web server in order to view and make changes. Just because the Wi-Fi access is open doesn’t necessarily mean anything as far as access to the information system.
If a PC has any type of internet connection (WIFI / 4G / Cable) then a RAT can give a remote attacker full control...full control as if you were physically sitting in front of the keyboard. Once the attacker has full control the rest is easy.
And yes the RAT method is just one way this could happen. Packet sniffing the open WIFI would probably also be used.
They could also use unknown exploits and backdoors which the NSA has already admitted they create with direct help of Microsoft.
Now I am wondering why the WIFI was set to 'open (no password)'. All modern WIFI gear comes with passwords already setup for you. They would surely have had to go in and change it to 'unsecure' manually.
Just shaking my head. Yes, the voting machine could be hacked. The voting machine could be manipulated completely if configured that way. That is not my point at all.
My point is that the OP claimed, please read the title of the post, that the mere fact that no password was required for the voting machine to get on Wi-Fi that the voting machine data could be altered. This is not a correct assertion. That is all. This has NOTHING to do with the security of the voting machines. This has NOTHING to do with if voting machines should have Internet access.
A remote admin tool gives you access to the voting information system exactly how? Is a remote admin service actually listening? Is said remote admin service (port) actually responding to your source IP address?
I’m playing devil’s advocate here. Remember, my problem with this post is that it was declared that wireless access alone was enough to compromise the voting system. That is not necessarily the case. It would be NO DIFFERENT than an open wireless system being used to provide network connectivity between your workstation and your bank. Encryption via TLS does occur and a SEPARATE authentication is necessary to the bank’s web server in order to view and make changes. Just because the Wi-Fi access is open doesn’t necessarily mean anything as far as access to the information system.
To your first rhetorical question:
It's not about "oh just anyone can do it", but rather "the ones who were given the keys could do it"
Who was given the keys?
If a PC has any type of internet connection (WIFI / 4G / Cable) then a RAT can give a remote attacker full control...full control as if you were physically sitting in front of the keyboard. Once the attacker has full control the rest is easy.
And yes the RAT method is just one way this could happen. Packet sniffing the open WIFI would probably also be used.
They could also use unknown exploits and backdoors which the NSA has already admitted they create with direct help of Microsoft.
Now I am wondering why the WIFI was set to 'open (no password)'. All modern WIFI gear comes with passwords already setup for you. They would surely have had to go in and change it to 'unsecure' manually.
Just shaking my head. Yes, the voting machine could be hacked. The voting machine could be manipulated completely if configured that way. That is not my point at all.
My point is that the OP claimed, please read the title of the post, that the mere fact that no password was required for the voting machine to get on Wi-Fi that the voting machine data could be altered. This is not a correct assertion. That is all. This has NOTHING to do with the security of the voting machines. This has NOTHING to do with if voting machines should have Internet access.