Earlier this week, Ed Felten and J. Alex Halderman of Princeton University’s Information Technology Policy Department and of the Freedom to Tinker blog, revealed how to hack a Diebold ‘AccuVote’ touchscreen voting machine, untraceably falsifying election results with malicious code.
Today, Felten and Halderman really put in the boot.
Diebold maintains that there is a locked cover on the memory card port of the AccuVote TS to prevent tampering.
True. There’s definitely a lock.
However, the lock employed is a common hardware grade type, used on hotel mini-bars and filing cabinets. Replacement key copies to fit the Diebold can be ordered from office supply stores for about $8 per key, simply by quoting the number stamped on the face of lock. The Princeton video also showed that a key wasn’t always necessary as one member of the Princeton team could consistently pick the lock in under 10 seconds anyway.
Ed Felten comments:
Using such a standard key doesn’t provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold’s use of encryption — they can say they use encryption, but they use it in a way that neutralizes its security benefits.
The bad guys don’t care whether you use encryption; they care whether they can read and modify your data. They don’t care whether your door has a lock on it; they care whether they can get it open. The checkbox approach to security works in press releases, but it doesn’t work in the field.
Waiting for Diebold’s reply… and for a number of states to ban machines as easily exploitable as this one.
It’s not the people who vote that count… it’s the people who count the votes.
-(allegedly) Joseph Stalin
-weez
1 Comment so far
Leave a comment
[…] weezil at Machine Gun Keyboard keeps us up to date on the dastardly Diebold voting machines: in the last week not only have they been proven to be embarrasingly easy to untraceably tamper with electronically, but the much touted lock to prevent such tampering can be opened with an easily obtainable mini-bar key. Read, as they say, the whole thing. […]
Pingback by More Dieboldical machinations — Hoyden About Town 12.24.08 @ 8:49 pmLeave a comment
Fatal error: Uncaught Error: Call to undefined function show_subscription_checkbox() in /home/www/machinegunkeyboard.com/wp-content/themes/benevolence/comments.php:155 Stack trace: #0 /home/www/machinegunkeyboard.com/wp-includes/comment-template.php(1618): require() #1 /home/www/machinegunkeyboard.com/wp-content/themes/benevolence/index.php(28): comments_template() #2 /home/www/machinegunkeyboard.com/wp-includes/template-loader.php(106): include('/home/www/machi...') #3 /home/www/machinegunkeyboard.com/wp-blog-header.php(19): require_once('/home/www/machi...') #4 /home/www/machinegunkeyboard.com/index.php(17): require('/home/www/machi...') #5 {main} thrown in /home/www/machinegunkeyboard.com/wp-content/themes/benevolence/comments.php on line 155