Thursday, September 14, 2006

It's VERY easy to hack a Diebold machine


I've been waiting for someone to do a demonstration like this (HT: Jules Siegel on Kos). Now some folks at Princeton have shown just how vulnerable this particular machine is. I've stayed away from the whole vote fraud issue because of lack of expertise, but when the hacking is this easy to do, and it's this obvious how someone could do it, I've got to give it some play:
For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.
[emphasis mine] They have a demonstration video on their site. It's pretty scary.

This Kos commenter points out something particularly annoying about this whole business:
We must not forget that Diebold produces most of the ATM machines. There is no way they would be out there with this many holes in them. They are capable of producing a fairly secure system, but the opt not to. Why can't we vote electronically with the security of an ATM? Because they know most people care more about their money than their freedom.
(Another points out that the voting machines and ATMs are made by separate divisions.)

0 Comments:

Post a Comment

Links to this post:

Create a Link

<< Internal Monologue home