1
   

Worst Ever Security Flaw Found in Diebold TS Voting Machine

Forums: Politics
Email this Topic Print this Page
 
 
BumbleBeeBoogie
 
Reply Wed 2 Aug, 2006 09:35 am
Worst Ever Security Flaw Found in Diebold TS Voting Machine
By Alan Dechert Refere
BellaCiao.org
Monday 31 July 2006

Sacramento, California - "This may be the worst security flaw we have seen in touch screen voting machines," says Open Voting Foundation president, Alan Dechert. Upon examining the inner workings of one of the most popular paperless touch screen voting machines used in public elections in the United States, it has been determined that with the flip of a single switch inside, the machine can behave in a completely different manner compared to the tested and certified version.

"Diebold has made the testing and certification process practically irrelevant," according to Dechert. "If you have access to these machines and you want to rig an election, anything is possible with the Diebold TS - and it could be done without leaving a trace. All you need is a screwdriver." This model does not produce a voter verified paper trail so there is no way to check if the voter's choices are accurately reflected in the tabulation.

Open Voting Foundation is releasing 22 high-resolution close up pictures of the system. This picture, in particular, shows a "BOOT AREA CONFIGURATION" chart painted on the system board.

The most serious issue is the ability to choose between "EPROM" and "FLASH" boot configurations. Both of these memory sources are present. All of the switches in question (JP2, JP3, JP8, SW2 and SW4) are physically present on the board. It is clear that this system can ship with live boot profiles in two locations, and switching back and forth could change literally everything regarding how the machine works and counts votes. This could be done before or after the so-called "Logic And Accuracy Tests".

A third possible profile could be field-added in minutes and selected in the "external flash" memory location, the interface for which is present on the motherboard.

This is not a minor variation from the previously documented attack point on the newer Diebold TSx. To its credit, the TSx can only contain one boot profile at a time. Diebold has ensured that it is extremely difficult to confirm what code is in a TSx (or TS) at any one time but it is at least theoretically possible to do so. But in the TS, a completely legal and certified set of files can be instantly overridden and illegal uncertified code be made dominant in the system, and then this situation can be reversed leaving the legal code dominant again in a matter of minutes.

"These findings underscore the need for open testing and certification. There is no way such a security vulnerability should be allowed. These systems should be recalled."
  • Topic Stats
  • Top Replies
  • Link to this Topic
Type: Discussion • Score: 1 • Views: 175 • Replies: 1
No top replies

 
Cycloptichorn
 
  1  
Reply Wed 13 Sep, 2006 10:34 pm
Diebold...? Thanks, but no thanks
Quote:
For immediate release: September 13, 2006

Media contact: Teresa Riordan, (609) 258-9754, [email protected]; Steven Schultz, (609) 258-3617, [email protected]

Researchers reveal 'extremely serious' vulnerabilities in e-voting machines

In a paper published on the Web today, a group of Princeton computer scientists said they created demonstration vote-stealing software that can be installed within a minute on a common electronic voting machine. The software can fraudulently change vote counts without being detected.[/size]

"We have created and analyzed the code in the spirit of helping to guide public officials so that they can make wise decisions about how to secure elections," said Edward Felten, the director of the Center for Information Technology Policy, a new center at Princeton University that addresses crucial issues at the intersection of society and computer technology.

The paper appears on the Web site for the Center for Information Technology Policy.


Here's the site for the paper:

http://itpolicy.princeton.edu/voting/

From the paper:

Quote:
Abstract This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks.


...

Quote:
For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious . We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.


If they can do it, others can do it.

It seems there is a growing possibility that there has been a certain amount of election tampering going on lately in the US...

Cycloptichorn
0 Replies
 
 

Related Topics

Obama '08? - Discussion by sozobe
Let's get rid of the Electoral College - Discussion by Robert Gentel
McCain's VP: - Discussion by Cycloptichorn
AMERICAN CONSERVATISM IN 2008 AND BEYOND - Discussion by Foxfyre
Food Stamp Turkeys - Discussion by H2O MAN
The 2008 Democrat Convention - Discussion by Lash
McCain is blowing his election chances. - Discussion by McGentrix
Snowdon is a dummy - Discussion by cicerone imposter
Fellow Bostonians: How many of us wished we had an assault weapon last night? - Question by maxdancona
What should be first on the agenda of the winner in November? - Discussion by Frank Apisa
TEA PARTY TO AMERICA: NOW WHAT?! - Discussion by farmerman
 
  1. Forums
  2. » Worst Ever Security Flaw Found in Diebold TS Voting Machine
Copyright © 2024 MadLab, LLC :: Terms of Service :: Privacy Policy :: Page generated in 0.03 seconds on 10/01/2024 at 10:20:28