Slashdot Mirror

← Back to Stories (view on slashdot.org)

Critical Security Hole Found in Diebold Machines

Posted by ryuzaki0 on from the want-my-money-back dept.

ckswift writes "From security expert Bruce Schneier's blog, a major security hole has been found in Diebold voting machines." From the article: "The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide. Armed with a little basic knowledge of Diebold voting systems and a standard component available at any computer store, someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine and disable it, redistribute votes or alter its performance in myriad ways."

8 of 306 comments (clear)

  1. The Shock! The Surprise! by GaryPatterson · · Score: 5, Insightful

    So the closed-source company with apparent links to the incumbent government and a record of blocking any attempts to investigate their code turn out to have security flaws?

    Okay - closed-source versus open-source is a non-issue, but I expected something like this from Diebold sooner or later.

    I'm seriously worried though. Here in Australia a lot of ATMs have been replaced recently with shiny new Diebold machines. I've no doubt they're harder to hack, but it's not an encouraging sign.

  2. why do we need electronic voting? by phlegmofdiscontent · · Score: 3, Insightful

    What's so bad about the optical scanners and the ballots where you fill in a circle? I remember a study that showed they were the most secure, you have a paper trail, and any idiot can figure it out after 13 years of standardized testing. Electronic voting, on the other hand, smacks of boodoggle, fraud & overall shoddiness.

  3. Re:Black Box Voting & The Details by TripMaster+Monkey · · Score: 4, Insightful

    Making these devices large, restricted to the government, bulky & containing GPS units in the case of them being stolen.

    Not to sound pessimistic, but the government is precisely the people we need to protect this machine from. I would think that the only way to address this would be to:

    • Hold of on installing the final software load approved by both parties (and perhaps a third, 'impartial' entity) until the device is installed on-site (and bolted down)
    • Install the final software load while overseers from both parties (and the third, 'impartial' entity) verify the installation and the veracity of the software load via checksum.
    • Secure the access door permanently (rivets, welding, whatever), and have all overseers affix tamper-evident seals.
    • Overseers remain present throughout voting, and periodically inspect tamper-evident seals.

    If an irregularity occurs, the entire process must be repeated and the citizens must be allowed to vote again. This will eliminate the posibility of people just tampering for the purpose of getting the precinct thrown out of the count.
    --
    ____

    ~ |rip/\/\aster /\/\onkey

  4. Re:Funny isn't it? by typical · · Score: 5, Insightful

    They make a voting machine that is atrocious and faulty.

    To be fair, even if it were someone else, voting machines that submit the vote in electronic form simply have fundamental problems with accountability. Yes, Diebold has had some atrocious engineering problems, but even if you took the best group of engineers on the planet and asked them to replace the pencil or hole punch machine with a fully electronic form, they'd still have a vastly more exploitable system than the traditional system.

    I view Diebold as representative of a lot of companies that get government contracts -- obtaining unneeded pork, doing a fairly half-assed job. However, while some things (like the criminal records of people presiding over the project) were a little disturbing, I'm more willing to say that Diebold probably has nothing more malicious in mind than getting as much money as possible and not caring much as to how useful (or dangerous) their work is.

    The real problem is that no voting administrator wants to be in the shoes of the Florida people, where questionable ballots exceeded the margin by which Bush won. An electronic form throws away all data other than a simple vote -- it may not be more accurate, but it covers the asses of voting administrators.

    The fact that the whole system is much less accountable and more open to abuse and attacks than a physical system is more an issue that not of the involved people (voting officials and Diebold) just don't care about than one that I expect that they intend to personally exploit.

    --
    Any program relying on (nontrivial) preemptive multithreading will be buggy.
  5. Re:It's not a bug, it's a feature! by gid13 · · Score: 4, Insightful

    1. Do you have any stats to back this up? I am unconvinced by someone saying the word "FUD".
    2. Diebold doesn't need to tamper with the election to make using their voting machines a horrible idea. As this article points out, there are extreme security flaws that allow others to tamper, which means Diebold has failed miserably at the goal of creating secure voting machines.
    3. Assuming your stats are correct, is it a coincidence that the Diebold machines were installed in heavily Republican areas? Who got to decide on the voting machines/mechanisms used?
    4. You say "yet another liberal urban legend" without giving any examples. Do you think there are more liberal urban legends than conservative ones? That would be a very difficult claim to defend. Which is probably why you just put it out there as if it was obvious in hopes that people would just agree. Sadly, this works all too well all too often in the political world. Your post is a couple of undefended partisan claims, and nothing more. If you're actually thinking about anything, please show us what you're thinking. Otherwise you might as well just say "REPUBLICANS RULE! DEMS SUCK! GO BUSH!" and keep contributing to the us and them sports fan mentality that American politics has become. Well that turned into a bit of a rant, didn't it?

  6. Re:What I would like to know..! by geobeck · · Score: 5, Insightful
    These ridiculous security holes can only be intentional.

    My greatest fear regarding American elections is that Diebold machines will be used for a national vote to repeal the 22nd amendment, then for the following presidential acclimation--I mean, election.

    Americans, please, start a grassroots movement to outlaw the use of any electronic, and therefore hackable, voting machines. Look at Canada's election process. Sure, we have only 10% of your population, but we have substantially less than 10% of your election hassles. In Canada, paper ballots are counted manually by Elections Canada volunteers, witnessed at each vote counting station by representatives from all official parties.

    And for the love of Mike, start some new political parties! You may turf out the Republicans in 2008, but your Democrats are no prize either!

    --
    Find environmentally and socially responsible products on http://buy-right.net
  7. Re:Black Box Voting & The Details by Sepper · · Score: 4, Insightful

    I still puzzles me why americans don't use something simpler...

    hell, if India (with a BIGGER population) is capable of holding elections without soo much trouble, why can't the US do it?

    --
    I live in Soviet Canuckistan you insensitive clod!
  8. How long would it take... by Analogy+Man · · Score: 4, Insightful

    Suppose DieBOLD's ATM machines had a backdoor key sequence that would enable me to get the whole stack of 20's. How long would it take them to slam that door shut?

    --
    When the people fear their government, there is tyranny; when the government fears the people, there is liberty.