Diebold voting machine opens with $8 mini-bar key
Tuesday September 19th 2006, 4:38 pm

Earlier this week, Ed Felten and J. Alex Halderman of Princeton University’s Information Technology Policy Department and of the Freedom to Tinker blog, revealed how to hack a Diebold ‘AccuVote’ touchscreen voting machine, untraceably falsifying election results with malicious code.

Today, Felten and Halderman really put in the boot.

Diebold maintains that there is a locked cover on the memory card port of the AccuVote TS to prevent tampering.

True. There’s definitely a lock.

all the security of a mini-bar

However, the lock employed is a common hardware grade type, used on hotel mini-bars and filing cabinets. Replacement key copies to fit the Diebold can be ordered from office supply stores for about $8 per key, simply by quoting the number stamped on the face of lock. The Princeton video also showed that a key wasn’t always necessary as one member of the Princeton team could consistently pick the lock in under 10 seconds anyway.

Ed Felten comments:

Using such a standard key doesnít provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Dieboldís use of encryption ó they can say they use encryption, but they use it in a way that neutralizes its security benefits.

The bad guys donít care whether you use encryption; they care whether they can read and modify your data. They donít care whether your door has a lock on it; they care whether they can get it open. The checkbox approach to security works in press releases, but it doesnít work in the field.

Waiting for Diebold’s reply… and for a number of states to ban machines as easily exploitable as this one.

It’s not the people who vote that count… it’s the people who count the votes.

-(allegedly) Joseph Stalin

-weez


1 Comment so far
Leave a comment

[...] weezil at Machine Gun Keyboard keeps us up to date on the dastardly Diebold voting machines: in the last week not only have they been proven to be embarrasingly easy to untraceably tamper with electronically, but the much touted lock to prevent such tampering can be opened with an easily obtainable mini-bar key. Read, as they say, the whole thing. [...]

Pingback by More Dieboldical machinations — Hoyden About Town 12.24.08 @ 8:49 pm



Leave a comment

(required)

(required)