In a collaborative study, a team of Indian and international experts had revealed – way back in 2010 – that the electronic voting machines (EVMs) used in Indian elections are vulnerable to fraud.

These research findings are at odds with claims made by the Election Commission of India, which has maintained that weaknesses found in other electronic voting systems around the world do not apply to India’s EVMs.

In a video, the researchers showed two demonstration attacks against a real Indian EVM. One attack involved replacing a small part of the machine with a look-alike component that can be silently instructed to steal a percentage of the votes in favor of a chosen candidate. These instructions can be sent wirelessly from a mobile phone.

Another attack used a pocket-sized device to change the votes stored in the EVM between the election and the public counting session.

This study was performed by researchers at NetIndia, (P)Ltd. in Hyderabad, the University of Michigan in the United States, and at a non-profit in the Netherlands that specializes in electronic voting related issues.

The researchers were also surprised to find that the vote-counting software in the EVMs is programmed into so-called “mask programmed microcontrollers,” which do not allow the software to be read out and verified. Because these chips are made in the US and Japan, this has led to a situation in which nobody in India knows for sure what software is in these machines or whether it counts votes accurately.

Hari Prasad is a computer engineer and managing director of NetIndia, a Hyderabad-based technology firm. Prasad organized the study and says the findings are the culmination of a seven month investigation.

“Everywhere I looked there were more security problems. I am glad that with the presentation of this work, the debate over whether India’s EVMs are secure is over. We need to look forward now. India deserves a transparent election process, which these machines simply cannot deliver.”

Rop Gonggrijp, a security researcher from the Netherlands, also took part in the study. “Never mind what election officials say, this research once again shows that the longstanding scientific consensus holds true—DRE voting machines are fundamentally vulnerable. Such machines have already been abandoned in Ireland, the Netherlands, Germany, Florida and many other places. India should follow suit,” Gonggrijp said.

Gonggrijp continues: “In order to have any transparency in elections, you need to have votes on paper. Computers can be programmed to count votes honestly, but since nobody can watch them, they might just as easily be programmed to count dishonestly. How is the voter supposed to tell the difference?”

Professor J. Alex Halderman of the University of Michigan helped develop the new attacks along with his students. “Almost every component of this system could be attacked to manipulate election results,” says Dr. Halderman.

The Supreme Court of India had earlier asked the Election Commission to consider using VVPAT (Voter-verified paper audit trail) machines, in which on pressing of each vote, a paper receipt is printed, which is visible to the voters inside a glass but cannot be taken out of the machine.

The Election Commission had asked for manufacture of over 1,00,000 VVPAT machines for use during the elections in Uttar Pradesh, Punjab, Uttarakhand, Goa and Manipur – the results of which were announced on Saturday and the BJP swept the UP poll.

Significntly, the Lawyers For Human Rights International (LFHRI) had alleged even before the elections were held that the EC had made only 22,603 VVPATs available and that the rest of the machines supplied to these five states were not tamper proof.

Read the full technical report: https://indiaevm.org/paper.html