Diebold Security Foiled Again

XenoPhage writes "Yet again, Diebold has shown their security prowess. This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines. Ross Kinard of Sploitcast crafted three keys based on this photo. Amazingly enough, two of the three keys successfully opened one of the voting machines. But fear not, Diebold has removed the offending picture, replacing it with a picture of their digital card key. Take that, hackers!"

Still in business

[j00r0m4nc3r]

How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?

Re:Still in business

[gstoddart]

How can these guys still be in business? It seems like every couple weeks for the past 3 or 4 years I have been hearing about them screwing shit up, over and over and over and over again. Any other company would have been history long ago. What's with Diebold? Why don't they die?

That's because they aren't being viewed with a critical eye by the people buying voting machines.

The people who are making those decisions continue to want to have the voting machines in the face of all of the evidence showing how unsecure/not-tamper-proof these things really are.

Apparently, the government doesn't seem too bothered by a vendor who is selling a product which is completely insecure.

Cheers

Re:the only thing..

[SatanicPuppy]

It's because the exit polling was a much closer match to the actual results, rather than having substantial irregularities or, as in the case of the 2004 election, actual instances of election fraud.

Having both sides being extremely skeptical of the computer returned election counts is the only thing keeping anyone honest.

Re:Isn't this...

[Physics+Dude]

Isn't this the same key that will open mini-bars?

Yes. From the article:

" ... and beyond that, it could be opened with the same keys typically used with hotel minibars and jukeboxes."

Florida House 13

[bloodstar]

Why are people ignoring what is going on in Florida House District 13?

The Rebublicans are claiming a 369 vote victory. However the EVMs in Sarasota county, reported an undervote of 18,000. or 1 in 6 of the total votes, which is much higher than the undervote in both the other counties and on average. Sarasota County also happened to be where the Democrat challenger won the vote by 6 percentage points (of the votes cast in that county).

There are some obviously severe issues with Electronic Voting, Particularly when there is no paper trail (as in the case for this district). Sure, there are ways to change the vote on a paper verification ballot, however large scale fraud becomes problematic to implement.

Links Below:
http://www.heraldtribune.com/apps/pbcs.dll/section ?CATEGORY=NEWS0521&template=ovr2
http://en.wikipedia.org/wiki/Florida's_13th_congre ssional_district
http://www.verifiedvotingfoundation.org/article.ph p?id=6423
http://www.cqpolitics.com/2006/12/the_cqpolitics_i nterview_chris_1.html

You're barking up the wrong tree

[inviolet]

This time they posted, on their website, a picture of the actual key used to open all of their Diebold voting machines.

Voting machines should not be relying on physical security in the first place, because it is not practical to physically protect them 24/365. Their trustworthiness should be the result of double-handshake cryptographic authentications between the touchscreens, consoles, memory cards, and the central tabulator. Being able to open the cabinet should not be a vulnerability, because poll workers are invariably going to need to do so.

So, if Diebold machines implement proper authentication, then the cabinet key is not an interesting exposure. But if they don't (and we already know that they don't), then the cabinet key doesn't make them significantly more vulnerable than they already are.