Tuesday, September 19, 2006

Diebold more insecure than thought

Professor Ed Felten, together with Ari Feldman and Alex Halderman, have released a paper demonstrating some of the serious weaknesses of e-voting technology. It focuses on two models of the Diebold voting machines. There are 33,000 of these Diebold machines in use in American elections.

As Felten discusses, the machines are vulnerable to tampering by a malicious attacker with very little effort. Felten shows a video demonstrating the installation of vote-stealing software in less than a minute. This vote-stealing software can easily be programmed to remove itself afterwards, so that there is no trace that it ever existed.

Furthermore, Felten shows that due to a design flaw (or is that a feature?) of the Diebold machines, they are vulnerable to a virus which can spread from machine to machine, installing vote tampering software, without the fraudster needing access to all of the machines.

Felten also discovered, by accident, that the key which locks the machines, keeping unauthorized people out of the machine, is a common, easily purchased key used for mini-bars, filing cabinets and other office furniture.

The level of security in these voting machines is so poor, and Diebold's reputation of making secure, tamper-proof auto-teller machines is so high, that it is difficult to avoid the conclusion that this isn't a case of incompetence, but of deliberate backdoors left in the voting machines.

I've written about e-voting and Diebold machines before; this post in particular details the dirty shenanigans going on in California.

No comments: