More Flaws Discovered in Diebold Voting Machines
- From: "John/IZE" <cookacooka@xxxxxxxxxxxxx>
- Date: Thu, 14 Sep 2006 16:09:09 -0400
It seems that yet even more flaws have been discovered in the Diebold
voting machines. As if the previous set of problems were not enough this
just adds more fuel to the debate. Clearnly these machines are not
anywhere near ready for critical usage such as national elections.
http://arstechnica.com/news.ars/post/20060913-7735.html
Researchers find (more) severe flaws in Diebold voting machines
9/13/2006 2:50:50 PM, by Ryan Paul
A group of Princeton computer scientists has published a study that
examines flaws and vulnerabilities in Diebold's AccuVote-TS voting
machines. Complete with a video that demonstrates the ease with which the
electronic voting machine can be compromised, the study provides chilling
insight into the serious risk of election tampering and fraud created by
modern voting technology. The vote-stealing demonstration software
developed by the computer scientists "can modify all of the records, audit
logs, and counters kept by the voting machine, so that even careful
forensic examination of these records will find nothing amiss."
The study reveals that "[m]alicious software running on a single voting
machine can steal votes with little if any risk of detection," and that
the software can be installed on a voting machine in only a minute by
anyone that has physical access. The study also discovered that Diebold's
AccuVote-TS systems can be targeted by self-propagating viruses "that can
spread malicious software automatically and invisibly from machine to
machine during normal pre- and post-election activity." The computer
scientists conclude that defects are present in the hardware of the
AccuVote-TS as well as the software. Although some issues can be mitigated
by software updates, the machines themselves will have to be replaced in
order to eliminate some of the problems identified by the study.
The AccuVote-TS machines are designed to automatically install code from a
removable memory card during the boot process. A virus embedded in a
bootloader image file stored on a memory card will automatically infect
any machine that is booted while the card is inserted. The virus written
by the Princeton experts will automatically install itself on every memory
card inserted into the machine during subsequent boot processes. So, when
a technician tries to update an infected system, the memory card
containing the update will be altered and the virus will be passed on to
any other voting machine that the technician tries to update from that
memory card.
The paper suggests several ways to mitigate potential voting machine
problems. Requiring that all updates be digitally signed could potentially
prevent unauthorized software from infecting and manipulating voting
machines. Limiting physical access to memory cards and voting machines
could also help prevent tampering. The paper cites a study conducted in
2006, in which researchers addressed issues like "lack of inventory
control and gaps in the chain of custody," pointing out the need for
policies that establish secure handling and management practices for
voting machines. The paper also advocates parallel testing, system
certification, and paper trails as other potential solutions.
Last month, we reported on election disruptions that occurred in Alaska as
a result of Diebold machine defects. Yesterday, Johns Hopkins University
computer science professor Avi Rubin wrote a blog entry about a day at the
polls with the Diebold AccuVote-TS. Serving as an election judge in the
Maryland primary, Rubin witnessed numerous Diebold machine voting failures
and deficiencies firsthand. From missing access cards to dysfunctional
electronic poll books to ineffective anti-tamper mechanisms, the machines
were nothing but trouble. Machines crashed, refused to synchronize, and
inaccurately reported whether or not a citizen had already voted. One of
the most disturbing revelations of the day related to Diebold's business
practices rather than the machines themselves. The Diebold representative
assigned to the precinct had been hired the day before, and had only
received a brief six hours of training in a massive session with 80 other
people. The representative admitted to having virtually no familiarity
with the hardware, and claimed that Diebold hired cheap contractors to do
the job rather than well-trained technicians in order to save money. The
representative, who didn't even know how to set the machines up, gave up
and left in frustration halfway through the day.
The state of California banned Diebold voting machines, and sued the
company for machine-related fraud after flaws were found in the
AccuVote-TSx machines used in a 2004 election. The constant stream of
discovered vulnerabilities and problems in real elections may finally
compel other states to do the same. Diebold has not yet responded to our
requests for a comment, but sources say that the company is attempting to
pressure the Princeton group into retracting the study. In the past
Diebold typically responds to criticisms of its voting machines by
asserting that the systems operate securely when properly configured.
.
- Follow-Ups:
- Re: More Flaws Discovered in Diebold Voting Machines
- From: KODIAK
- Re: More Flaws Discovered in Diebold Voting Machines
- Prev by Date: Re: J.K. Rowling challenges airport security
- Next by Date: Re: DNC useless vis-a-vis votescript
- Previous by thread: Corruption As Politics?
- Next by thread: Re: More Flaws Discovered in Diebold Voting Machines
- Index(es):
Relevant Pages
|
