Slashdot Mirror

← Back to Stories (view on slashdot.org)

Diebold Voting Systems Grossly Insecure

Posted by michael on from the vote-early-vote-often dept.

Several well-known security researchers have examined the code for Diebold's voting machines (which we last mentioned two weeks ago) and produced an extensive report (pdf). The NYT has a story on the report, which cuts to the bone: 'Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.'

10 of 534 comments (clear)

  1. Open Source? by chundo · · Score: 5, Interesting

    Time to start a viable open-source voting-machine project. These guys started something promising, but it looks like development has ceased. Anybody know of a decent, active open-source electronic voting system?

    -j

  2. Here's an article by Tarindel · · Score: 5, Interesting

    that I ran across a few weeks ago: http://www.cronus.com/electionfraud

    It IS interesting to note how many dollars have flowed between Diebold and the Republican party...

  3. Wow... by mhayenga · · Score: 5, Interesting
    Their security there sounds a lot like their security here at UT...

    For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal

    The vending machines here around campus (using a diebold system) were used by almost 600 students to get "free" food... In an audit they detected it... Full text here

  4. No Surprise Here! by mildness · · Score: 5, Interesting
    NDAs must have expired by now so...

    Almost exactly 20 years ago Chase Manhattan Bank tasked my buddy Charles (?) and I to hack thier Diebold branch alarm system.

    To our surprise it used a simple lookup table. The mainframe would poll a branch asking about a specific alarm. The server located at the branch would respond with a code for "OK".

    THE SAME CODE EVERY TIME!

    We cut the telco lines and alligator clipped our TRS-100 (way cool early laptop) and using a BASIC program did a look-up (which my partner wrote a coolie algorithm for), responded "Everything's OK Here!", and went to lunch.

    After screwing off for several hours we told our managers that we had spoofed thier branch alarm system.

    They traveled to Diebold who swore up and down how great thier encryption was. The Chase guys slid our report across the table and watched the Engineers turn white as ghosts as they read it.

    HAHAHAHAHA What a bunch of dumbasses!

    The Moral of the Story: Don't trust your security vendors.

    Cheers! (:-{)}

    Bill

    --
    bamph
    1. Re:No Surprise Here! by LostCluster · · Score: 4, Interesting

      True security is impossible. Just can't happen, don't pretend you've done it. Real security is a matter of how hard can you make it to violate the system, and how hard can you make it to cover up any violations.

      In the case of any voting system allowing extra votes, that should be able to be solved by a simple external checksum. If there's more votes in any race than people who passed through the doorway, you've got a problem.

  5. Paper 1.0 by LostCluster · · Score: 4, Interesting

    I think all of the electronic voting systems have taken it all too far. What they should be doing is creating a nice glossy touchscreen interface that is clear and easy to read, to allow people to create a PAPER BALLOT that is properly marked. The ideal printout would both be human readable and machine readable for easy counting and recounting. Let physical, rather than technical security processes make sure that people put only one ballot into the box that counts, and voters can have unlimited attempts at trying to get the paper ballot to say what they wanted to say.

  6. DMCA in action! by bigberk · · Score: 4, Interesting
    From the report:
    A large amount of the other data made publicly available was protected by very weak compression/encryption software known as PKZip, which requires a password for access to the underlying work. PKZip passwords are relatively easy to avoid, and programs for locating passwords for PKZip files are readily available online. Moreover, passwords that others have located for these files have been freely available online for some time. Nonetheless, we decided to limit our research to only the files that were publicly available without any further effort, in part due to concerns about possible liability under the anti-circumvention provisions of the Digital Millennium Copyright Act.
    Now that's kind of funny, isn't it? You have here a system which everyone agrees should be inherently secure. The developers use extremely weak (PKZip) passwords to protect some of their work, probably the more important components. Researchers can not break the password, however, because they will violate the DMCA.

    On the other hand, criminals, terrorists, and anyone else who wants to corrupt the voting process can easily break the password and discover how to mess up the voting.

    Now that's the DMCA in action, protecting your freedom! Oh yes, the DMCA is going to be just excellent for technology research and innovation.
  7. For those of you who think e-voting is simple: by bjtuna · · Score: 4, Interesting

    The author of this paper, Dr. Rubin, taught a class at Johns Hopkins University this past spring called Security and Privacy in Computing. I was lucky enough to be in this class. The semester-long project was to design and implement a prototype electronic voting system that solved the problem of "remote poll sites". Basically, the State of Washington had commissioned Dr. Rubin to deliver a system whereby a voter could cast his vote at ANY voting station in the state, and not have to go to his specific poll site. This sounded great: you wouldn't have to lose a day of work so you could vote at the local high school... you could vote at the little kiosk near your office.

    Unfortunately the idea doesn't work. The reason is that you would need every kiosk (or polling station) to be connected to some sort of network in realtime in order to retrieve ballots, cast votes, and update voter status. The problem with this is that you have now created a network that is vulerable to DoS attacks. It wouldn't matter how you structured your network for performance... the minute someone snips a wire at any given kiosk, you have two choices:
    1) make that kiosk unavailable for voting
    2) still accept votes at that kiosk, but cast them provisionally.

    #1 is dangerous because now I could cut the wires at EVERY kiosk I could find (or packet the network, or whatever) and bring the election to a halt.

    #2 is dangerous because the more kiosks I bring down, the more ballots will be cast in which the voterID (which reveals his name, etc) is tied to the ballot. Loss of voter anonymity is unacceptable in American democracy.

    So what happens if you just leave all the kiosks offline and give them all a copy of the master voter registration db? Now you've opened yourself up to voter fraud: you could go from kiosk to kiosk, casting multiple ballots as yourself. If you stuck with voter anonymity, and each of those ballots were cast anonymously, how would the final tallying system know that you cast duplicate ballots? How would it know which to throw out?

    I'm told Dr. Rubin's grant from the State of Washington was eventually rescinded, I suspect because there's no good way to solve this problem, as well as a few others which I will not go into detail about here.

    I have described this problem in the following other Slashdot posts:
    http://slashdot.org/comments.pl?sid=61340&cid=5769 144

    http://slashdot.org/comments.pl?sid=61875&cid=5801 851

    --
    Intercarve Networks, LLC
  8. Election-Stealing HOWTO by ewhac · · Score: 4, Interesting

    Another bunch of guys who cobbled together a report on Diebold's laughable voting machines is available here, complete with plenty of screen shots.

    Schwab

    --
    Editor, A1-AAA AmeriCaptions
  9. Re:At least... by Sylver+Dragon · · Score: 5, Interesting

    In the end, I agree with you that mandatory voting is dumb - but it is one of our smallest problems

    I don't think I would mind mandatory voting, if, and only if, we had a "no confidence" vote on the ballot. Such that, if you didn't like any of the choices presented to you, you could vote to have a whole new slate of candidates put up(e.g. if the "no confidence" choice won, all of the parties have to put up new people and we try again.) God knows I would have voted that way back in 2000.

    --
    Necessity is the mother of invention.
    Laziness is the father.