New Diebold Vulnerability
Ed Felten and his team at Princeton have analyzed a Diebold machine:
This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities—a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine’s hardware and software and the adoption of more rigorous election procedures.
(Executive summary. Full paper. FAQ. Video demonstration.)
Diebold has repeatedly disputed the findings then as speculation. But the Princeton study appears to demonstrate conclusively that a single malicious person could insert a virus into a machine and flip votes. The study also reveals a number of other vulnerabilities, including that voter access cards used on Diebold systems could be created inexpensively on a personal laptop computer, allowing people to vote as many times as they wish.
McGavin • September 14, 2006 3:55 PM
From one of the articles:
“I’m concerned by the fact we weren’t contacted to educate these people on where our current technology stands,” Mark Radke said.
What the hell does that matter? The first round of deployed machines should not be vulnerable. These aren’t ATM machines. We can’t fix broken elections (especially if they’ve been fixed).
The root of the problem is the whole evoting system we’re deploying; not just the machine.