Worst Ever Security Flaw in Diebold Voting Machine

Worst Ever Security Flaw in Diebold Voting Machine

"The folks at Open Voting Foundation got their hands on a Diebold AccuVote TS touchscreen voting machine. They took it apart (pictures here), and found the most serious security flaw ever discovered in this machine. A single switch is all that is required to cause the machine to boot an unverified external flash instead of the built-in, verified EEPROM."

http://politics.slashdot.org/politics/06/07/31/1646246.shtml?tid=172

I tell you, I should have won the last election!

I still can't understand why we went away from the basic punched IBM card ballot and associated hole puncher. Have people run the card through a power brush if they're too lazy to check for hanging chads themselves.

Who knows how many millions of dollars have been spent on useless, unsecure, unmaintainable electronic voting machines by now.

It's like Chicken Little happened and now we're all stuck in a cave...

Voting Isn't Easy, Even if Cheating Is

"The Open Voting Foundation's disclsosure that only one switch need be flipped to allow the machine to boot from an unverified external flash drive instead of the built-in, verified EEPROM drew more than 600 comments; some of the most interesting ones are below, in today's Backslash story summary."

http://backslash.slashdot.org/backslash/06/08/01/191235.shtml

Diebold's machines have been under investigation for different security problems for years. I work in the digital security field and was involved with (different, maybe even worse) Diebold problems back in 2002-2003.

As crappy as electronic voting is, the manual system doesn't always fare that well either. Its a harder problem to solve than you'd think. That said, Diebold has a pretty awful track record.

Are there any decent competitors to these guys? I never hear about anyone but them. Are the choices really hanging chads or diebold? I'd rather just gather in my local town hall and yell yeah or neah!

I could probably find you a team of people that could build a boot card for these that made it look exactly like the regular system only send all the votes for whomever you wanted in just a few days. With such a programming project completed one guy overnight in a storage center for them could rig the entire state. What a joke.

A recent news story also covered a mayoral election that had a programming flaw.

They had printed ballots for each district with a different listing order for the candidates, so copying ballots would be harder. However, it seems no one told the programmer. The machines were all set up to read only one candidate-order listing. That meant that the order of the names on the ballot of only one district were considered to be the order for all of the other districts by the machines, regardless of how they were actually listed in the others. The person who finished ninth according to the machines actually won the election when the machines were set to read the ballots as listed on the forms for the individual districts.

Moral of the story -- a paper trail in elections with computer voting machines might not be a bad idea afer all.

why a switch?

whoever the "brillant" engineer is who made the machine obviously wanted his vote to win

Illum_the_nation said:

why a switch?

whoever the "brillant" engineer is who made the machine obviously wanted his vote to win

Click to expand...

And that is the exact problem, especially with machnes that have no paper trail.

As Will Rogers said, "We have the best political system that money can buy."

there is a switch because it makes sense from a hardware and software debugging sense but should be completely gone and removed even from the board traces before any rollout. What it shows is that there is a total disconnect between reality, management and the engineers designing the thing. A total disregard for the specifics of their contract.

Diebold Security Flaw, Bug Or Feature?

Given the history of their voting products, why are people assuming it is a flaw rather than a feature? Stray parts do not just wander onto boards. Someone with a high level understanding of the machine designed that switch to have a specific function with that circuit, and the company spends extra money to put that switch on every board.