The team of scientists from the Universities of California, San Diego, Michigan and Princeton employed “return-oriented programming” to force an electronic voting machine to turn against itself.

“Voting machines must remain secure throughout their entire service lifetime, and this study demonstrates how a relatively new programming technique can be used to take control of voting machine that was designed to resist takeover, but that did not anticipate this new kind of malicious programming,” said Hovav Shacham.

Shacham is professor of computer science at UC San Diego’s (UC-SD )Jacobs School of Engineering and study co-author. His study demonstrates that return-oriented programming can be used to execute vote-stealing computations by taking control of an EVM designed to prevent code injection.

The computer scientists had no access to the machine’s source code  when designing the demonstration attack. By using just the information that would be available to anyone who bought or stole a voting machine, the researchers addressed a common criticism made against voting security researchers: that they enjoy unrealistic access to the systems they study.