Critical Security Hole Found in Diebold Machines 306
ckswift writes "From security expert Bruce Schneier's blog, a major security hole has been found in Diebold voting machines." From the article: "The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide. Armed with a little basic knowledge of Diebold voting systems and a standard component available at any computer store, someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine and disable it, redistribute votes or alter its performance in myriad ways."
Black Box Voting & The Details (Score:5, Interesting)
Well, this seems very insecure to me. BBV criticizes the three layer architecture and states that it would be very easy to target it three different ways [bbvforums.org] (at each layer):
The article talks about a "standard tool you can buy at any computer store" and I believe this is referring to a PCMCIA card (what you use in laptops). I guess these are used to boot, upgrade & ready the machines for use. They do not go into detail but I wager that using a PCMCIA card with a USB port on it, you could load your own data from a thumb/pen drive. This would be small and easy to carry in. If you had access to it outside of the voting window, you could potentially use a PCMCIA card that functions as a NIC (probably with RJ45 cable port) to use cross over cable and a laptop for a 'live' attack.
The Diebold Chronicles (Score:5, Interesting)
A Finnish computer expert working with Black Box Voting, a nonprofit organization critical of electronic voting, found the security hole in March after Emery County, Utah, was forced by state officials to accept Diebold touch screens, and a local elections official let the expert examine the machines.
Black Box Voting was to issue two reports today on the security hole, one of limited distribution that explains the vulnerability fully and one for public release that withholds key technical details.
The computer expert, Harri Hursti, quietly sent word of the vulnerability in March to several computer scientists who advise various states on voting systems. At least two of those scientists verified some or all of Hursti's findings. Several notified their states and requested meetings with Diebold to understand the problem.
Oh, those plucky Finns and the trouble they cause...
Does anybody get the idea that Diebold simply threw these machines together, cobbled the code together from stuff lying around the shop, slapped some paint on them, and expected states to use them no questions asked? You would think somewhere along the line, someone would have stood up at a development meeting and said, "we'd better make sure these things are secure."
Diebold will of course now hem, haw, blame others, attack the media and anti-electronic voting groups, and reluctantly fix the problem. Just in time for the next one to crop up. Do they have any competition in this market? I don't hear a lot about other companies creating voting machines -- either there aren't any or they do a lot better job.
Diabold makes ATMs as well (Score:2, Interesting)
This is scary.
Re:What I would like to know..! (Score:5, Interesting)
Why does Diebold design these machines in such a way that they *CAN* be hacked?
Simple. Because that is their intention.
Acccuse me of left-wing moonbattery all you like, but the fact remains that Diebold has shown themselves to be capable of making reasonably secure ATM machines. There's no defense by incompetence available to them. These ridiculous security holes can only be intentional.
Re:Black Box Voting & The Details (Score:3, Interesting)
Bad idea IMHO. This allows another attack vector: Just modify the connection from the thin client to the server.
Diebold's proprietary issues (Score:2, Interesting)
Most of the articles I have read, including this one, point to the fact that it can only be done by someone who knows how the system works and has the correct tools, lending some politicos (including Diebold reps) to say that they really aren't that vulnerable at all or that the problem is not serious. But stakeholders in elections results are precisely the people who could have someone in-the-know and with the correct tools manipulate the results just enough to tip the scales in one candidates favor or another. California realized this and dumped Diebold. Close elections happen all the time, so possible (even plausible) scenarios are not to hard to imagine. If a Diebold machine can be rerogrammed or altered for voting results, even the "verifiable paper trail" could be made to print out alternative results (for those who don't bother to look at the print-out window).
As an Ohio voter who has used one of these machines, I think I am going to have to vote absentee from now on, since a newly passed Ohio law permits me to do so far any reason at all (e.g. I dont want to vote on a vulnerable touch screen machine).
For me, this is one more poignient example of how proprietary voting technology leaves room for problems and the need for transparency with it by proper (preferably Federal) legislation.
Re:It's not a bug, it's a feature! (Score:1, Interesting)
Frankly, speaking as a solid hard-right conservative, I'd prefer to use paper ballots and inked fingers. Seems to work a helluva lot better than the crap we've been using for the past 20+ years.
You also wouldn't have to worry about people voting twice in different districts either. Though Democrats can always rely on dead people to send in their absentee ballots.
spam word: "suffrage". Rather appropriate.
Why not use bingo markers. (Score:3, Interesting)
To reduce errors you'd have to have a few rules: first, no corrections. If you fuck up, new ballot for you. (I'd prefer if you fuck up, no vote for you, but I'm guessing that won't fly.) Second, the marks have to be very distinct. That's why I'd use bingo blotters. They're like really huge magic markers that basically soak through the paper. Every old fart knows how to use one, and you could make them have to color in a fairly substantial area (like a square inch or larger) so that they can't just accidentally touch the blotter to the paper. Important elections (Presidential, Governor, etc.) go on rather largish sheets of paper, and each candidate gets a big area, with dead space in between the marking areas for each candidate equal to 5x the diameter of the marking area. So even if you're a real retard and don't color inside the lines, you've still got a lot of ways to go before you get over to the next candidate's box.
Also, there would be a test box. Just a blank box in the corner that you'd fill out, in order to make sure your marker was working and that you had the hang of things. Also, it gives the reader (human or machine) a comparison point to see what their actual marks will probably look like. (E.g. "Oh, this idiot only likes to circle the box, instead of filling it in; that's why the machine didn't read it.")
Perhaps most importantly, the indicative boxes that you mark are not placed symmetrically on the page. That is, they are placed so that they're not the same distance from the top as they are to the bottom, or from the left as on the right. This is important, since it means you can read the ballot electronically without having to orient them in one way or the other, just by measuring the distance from the mark to the edges of the sheet.
Then, use a dye in the blotters that's UV-reflective (or UV absorbent). That way they're very distinctive and easy to read through a scanning system. I'm pretty sure any pigment based marker/blotter would work here. These systems are already in existence -- the postal service uses them for automatically canceling stamps on letters (stamps are UV reflective). But the point is you can OCR them by just looking at the position on the page of the marks, you don't need punchcard-style index corners (although we'd have those too, for extra security).
I think the other thing that would help is if you gave the election officials more time between voting day and when they were expected to certify the results. Like two weeks, at a minimum. There's really no reason people should be rushing with this. Back the election up a little ways if need be, but the idea that the polls should close at 8pm and the results should be certified by 10pm is crap, and it can only lead to bad things happening ("oops! Look at this, we forgot a box of ballots! Oh, well, too late now!"). Elections are too important to rush through.
Re:Black Box Voting & The Details (Score:2, Interesting)