Granted they disclose that its a simplistic attack but what they do not explain is that it is neither practical nor is it complete... The attack is based on intercepting and modifying the voltage signals coming from the touchscreen (voltage,not data...) and cutting power to the LCD. This allows them to do the following:
1. read the (X,Y) position of a user touch event
2. send a false position report on to the voting machine
3. blank the screen,
The problem is what they are NOT doing... They are not reading the output to the LCD which means they have no way of knowing the context of the button presses. e.g. they know the user is pressing at position (X,Y) but they dont know what menu screen is currently being displayed... is it the login screen? the voting screen, which candidate race? To do this they need to be tapped into the VGA/DVI output data to the LCD and you can do that with $10 in components.. you probabaly cant do it for $100, and you certainly need a pretty decent coding/hardware design/reverse engineering skillset to succeed.
This is fearmongering that is masquerading as security research (and poor research at that..) If the goal was to impart the message that a physically unprotected machine is vulnerable to tampering then i guess they got that message across, but its not like we did not already know this...
Finally if you want to create a devastatingly sucessful undetectable hardware attack, you do not bother with i/o.. you use boundary scan and the JTAG/BDM port.