Diebold voting machines: hacked in minutes

Started by TehBorken, May 12 06 05:50

Previous topic - Next topic

TehBorken

Diebold voting machines can be 0wned in minutes        

Diebold's [a href="vny!://www.eff.org/legal/ISP_liability/OPG_v_Diebold/20031201_eff_pr.php"]notoriously insecure  voting machines[/a] -- in use across the USA -- have been found to have an even deeper vulnerability than previously known. A new [a href="vny!://www.blackboxvoting.org/BBVtsxstudy.pdf"]report by Harri Hursti[/a], released on [a href="vny!://blackboxvoting.org/"]BlackBoxVoting[/a], documents how an attacker with a few moments' of private physical access to a machine could compromise it and load it with his own software, compromising every function of the machine, including the ability to count votes. Ed Felten and Avi Rubin have written an excellent summary and analysis of the Hursti paper and published it on Freedom to Tinker -- if you give a damn about whether your vote gets counted in 2006, read this now.[/p][hr style="width: 100%; height: 2px;"][font style="font-weight: bold;" size="4"]Report Claims Very Serious Diebold Voting Machine Flaws
[/font]
[small]Thursday May 11, 2006 by Ed Felten [/small]                           [This entry was written by [a href="vny!://www.avirubin.com/"]Avi Rubin[/a] and Ed Felten.][/p] A report by Harri Hursti, [a href="vny!://www.blackboxvoting.org/BBVtsxstudy.pdf"]released[/a] today at BlackBoxVoting, describes some very serious security flaws in Diebold voting machines. These are easily the most serious voting machine flaws we have seen to date — so serious that Hursti and BlackBoxVoting decided to redact some of the details in the reports. (We know most or all of the redacted information.) Now that the report has been released, we want to help people understand its implications.[/p] Replicating the report's findings would require access to a Diebold voting machine, and some time, so we are not in a position to replicate the findings at this time. However, the report is consistent with everything we know about how these voting machines work, and we find it very plausible. Assuming the report is accurate, we want to summarize its lessons for voters and election administrators.[/p] [h3]Implications of the Report's Findings[/h3] The attacks described in Hursti's report would allow anyone who had physical access to a voting machine for a few minutes to install malicious software code on that machine, using simple, widely available tools. The malicious code, once installed, would control all of the functions of the voting machine, including the counting of votes.[/p] Hursti's findings suggest the possibililty of other attacks, not described in his report, that are even more worrisome.   [/p] In addition, compromised machines would be very difficult to detect or to repair. The normal procedure for installing software updates on the machines could not be trusted, because malicious code could cause that procedure to report success, without actually installing any updates. A technician who tried to update the machine's software would be misled into thinking the update had been installed, when it actually had not. [/p] On election day, malicious software could refuse to function, or it could silently miscount votes.  [/p] [h3]What can we do now?[/h3] Election officials are in a very tough spot with this latest vulnerability. Since exploiting the weakness requires physical access to a machine (although access to one machine could result in successful attacks against many machines), physical security is of the utmost importance. All Diebold Accuvote machines should be sequestered and kept under vigilant watch. This measure is not perfect because it is possible that the machines are already compromised, and if it was done by a clever attacker, there may be no way to determine whether or not this is the case. Worse yet, the usual method of patching software problems cannot be trusted in this case.[/p] Where possible, precincts planning on using these machines should consider making paper backup systems available to prepare for the possibility of widespread failures on election day. The nature of this technology is that there is really no remedy from a denial of service attack, except to have a backup system in place. While voter verified paper trails and proper audit can be used to protect against incorrect results from corrupt machines, they cannot prevent an attack that renders the machines non-functional on election day.[/p] Using general purpose computers as voting machines has long been criticized by computer scientists. This latest vulnerability highlights the reasoning behind this position. This attack is possible due to the very nature of the hardware on which the systems are running. Several high profile studies failed to uncover this. With the current technology, there is no way to account for all the ways that a system might be vulnerable, and the discovery of a problem of this magnitude in the midst of primary season is the kind of scenario we have feared all along. [/p] [h3]Timeline and Perspective[/h3] This is not the first time Diebold has faced serious security issues — though this problem appears to be the worst of them all. Here is a capsule history of Diebold security studies:[/p] 2001: Doug Jones produces a report highlighting design flaws in the machines that became the Diebold touchscreen voting machines.
 July 24, 2003: Hopkins/Rice study finds many security flaws in Diebold machines, including ones that were pointed out by Doug Jones.
 September 24, 2003: SAIC study finds serious flaws in Diebold voting machines. 2/3 of the report is redacted by the state of Maryland.
 November 21, 2003: Ohio's Compuware and InfoSentry reports find critical flaws in Diebold touchscreen voting machines
 January 20, 2004: RABA study finds serious security vulnerabilities in Diebold touchscreen voting machines.
 November, 2004: 37 states use Diebold touchscreen voting machines in general election.
 March,  2006: Harri Hursti reports the most serious vulnerabilities to date discovered.[/p] None of the previously published studies uncovered this flaw. Did SAIC? It might exist in the unredacted report, but to date, nobody outside of Maryland officials and SAIC has been able to see that report. [/p] We believe that the question of whether DREs based on commodity hardware and operating systems should ever be used in elections needs serious consideration by government and election officials. As computer security experts, we believe that the known dangers and potentially unknown vulnerabilities are too great. We should not put ourselves in a position where, in the middle of primary season, the security of our voting systems comes into credible and legitimate question. [/p]

  [a href="vny!://www.freedom-to-tinker.com/?p=1014"]Link[/a]      
The real trouble with reality is that there's no background music.

Trollio

All good points, but voter fraud is as old as the ballot itself.
 
 IMHO, while I love the convenience, computers are not yet a good way to conduct elections, because the fact that the machines are only understood by a microscopic minority of the voters makes the process inherently obscurantist.
 
 Better to have old-fashioned paper ballots watched and guarded by real humans, and which, in the event of questions or counting, can be visibly seen and understood by even a child. You can't fight a computer that was visited by an unseen hacker; on the other hand, if a ballot box filled with paper ballots is tampered with, there's going to be some screaming and possibly fisticuffs. Ugly perhaps, but so is real democracy.
 
 
   
one must be intelligent to get intelligent answers.
— bebu