Slashdot Mirror

← Back to Stories (view on slashdot.org)

Diebold Voting Systems Grossly Insecure

Posted by michael on from the vote-early-vote-often dept.

Several well-known security researchers have examined the code for Diebold's voting machines (which we last mentioned two weeks ago) and produced an extensive report (pdf). The NYT has a story on the report, which cuts to the bone: 'Our analysis shows that this voting system is far below even the most minimal security standards applicable in other contexts. We highlight several issues including unauthorized privilege escalation, incorrect use of cryptography, vulnerabilities to network threats, and poor software development processes. For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal.'

5 of 534 comments (clear)

  1. Open Source? by chundo · · Score: 5, Interesting

    Time to start a viable open-source voting-machine project. These guys started something promising, but it looks like development has ceased. Anybody know of a decent, active open-source electronic voting system?

    -j

  2. Here's an article by Tarindel · · Score: 5, Interesting

    that I ran across a few weeks ago: http://www.cronus.com/electionfraud

    It IS interesting to note how many dollars have flowed between Diebold and the Republican party...

  3. Wow... by mhayenga · · Score: 5, Interesting
    Their security there sounds a lot like their security here at UT...

    For example, common voters, without any insider privileges, can cast unlimited votes without being detected by any mechanisms within the voting terminal

    The vending machines here around campus (using a diebold system) were used by almost 600 students to get "free" food... In an audit they detected it... Full text here

  4. No Surprise Here! by mildness · · Score: 5, Interesting
    NDAs must have expired by now so...

    Almost exactly 20 years ago Chase Manhattan Bank tasked my buddy Charles (?) and I to hack thier Diebold branch alarm system.

    To our surprise it used a simple lookup table. The mainframe would poll a branch asking about a specific alarm. The server located at the branch would respond with a code for "OK".

    THE SAME CODE EVERY TIME!

    We cut the telco lines and alligator clipped our TRS-100 (way cool early laptop) and using a BASIC program did a look-up (which my partner wrote a coolie algorithm for), responded "Everything's OK Here!", and went to lunch.

    After screwing off for several hours we told our managers that we had spoofed thier branch alarm system.

    They traveled to Diebold who swore up and down how great thier encryption was. The Chase guys slid our report across the table and watched the Engineers turn white as ghosts as they read it.

    HAHAHAHAHA What a bunch of dumbasses!

    The Moral of the Story: Don't trust your security vendors.

    Cheers! (:-{)}

    Bill

    --
    bamph
  5. Re:At least... by Sylver+Dragon · · Score: 5, Interesting

    In the end, I agree with you that mandatory voting is dumb - but it is one of our smallest problems

    I don't think I would mind mandatory voting, if, and only if, we had a "no confidence" vote on the ballot. Such that, if you didn't like any of the choices presented to you, you could vote to have a whole new slate of candidates put up(e.g. if the "no confidence" choice won, all of the parties have to put up new people and we try again.) God knows I would have voted that way back in 2000.

    --
    Necessity is the mother of invention.
    Laziness is the father.