Slashdot Mirror

← Back to Stories (view on slashdot.org)

Voting Machine Attacks Proven To Be Practical

Posted by kdawson on from the back-up-the-dumpster dept.

An anonymous reader writes "Every time a bunch of academics show vulnerabilities in electronic voting machines, critics complain that the attacks aren't realistic, that attackers won't have access to source code, or design documents, or be able to manipulate the hardware, etc. So this time a bunch of computer scientists from UCSD, Michigan, and Princeton offered a rebuttal. They completely own the AVC Advantage using no access to source code or design documents (PDF), and deliver a complete working attack in a plug-in cartridge that could be used by anyone with a few private minutes with the machine. Moreover, they came up with some cool tricks to do this on a machine protected against traditional code injection attacks (the AVC processor will only execute instructions from ROM). The research was presented at this week's USENIX EVT."

4 of 225 comments (clear)

  1. Hey slashdot! by Anonymous Coward · · Score: -1, Troll

    Rob Malda's asshole is so blown out that when we had sex last night he kept shitting even when I WASN'T asking for the cleveland steamer!

  2. Re:If they own it, whats the problem? by Anonymous Coward · · Score: 0, Troll

    I agree wholeheartedly.

    Let's all grab our torches and pitchforks and storm the House and the Senate while they're in session, beating the living shit out of everybody inside. Then we hold them all for ransom and exchange their worthless lives for our dignity and a working middle class. We can use the ones from the Southern states as food if negotiations take too long.

  3. Re:If they own it, whats the problem? by Moryath · · Score: -1, Troll

    Ahh, slashdot.

    Mention that Obama's just as corrupt as any other politician out there, get modded "troll."

    The left-wingers are really entrenched.

  4. Re:Not a Bug by Anonymous Coward · · Score: -1, Troll

    "The only problem with this is that you aren't going to get a few "private minutes" with the machine"

    And wrong,

    Unless your the programmer (one is all it takes)
    Unless your the manufacturer (one is all it takes)
    Unless your the pollworker (one is all it takes)
    Unless your the guy at the storage warehouse, or controlling access to such devices (one is all it takes)
    Unless you've had a sleepover with a machine (one is all it takes)
    Unless your left alone with a machine (one is all it takes) because of the abuse of local cops against the public oversight

    "I've worked as an elections inspector (poll worker) in the state of New York for the last five years."

    You may have worked as an inspector, but inspector's are not all cracked up to be what they claim. I personally found inspector's who lie, and threaten the public. Your not out right lieing or intimidating and threatening public oversight with local cops are you? Even if your not, your still not to be trusted. Not even the Secretary of State can be trusted, when it comes to tabulating votes.

    Regardless of who you claim to be, You can not see electronic signals. And as an election inspector, if you can prove you are who you say you are, you are not even considered part of what makes up public oversight anyway. You say your interested in knowing how to rig an election in the State of New York, but clearly you don't want to know about such things as chip manufacturing with backdoors at the doping level.

    Your "tamper evident seals" have already been bypassed, both in the field, and before the seal goes on. So they don't matter any way you look at them.

    Are you willing to identify yourself publicly? (My money is on you not identifying yourself)
    And if so, are you willing to destroy all semiconductors in all your electronic vote tabulation devices, to have them all destructively reverse engineered under an electron microscope to hunt for killswitch logic, and other logic bombs? And yes we have to check them all, because one is all it takes.

    Even if you are willing to idenfify yourself publicly, clearly you have to see the giant catch 22 here. (I doubt you'll come clean and identify yourself or admit the truth.)
    http://www.spectrum.ieee.org/semiconductors/design/the-hunt-for-the-kill-switch/1

    As an election inspector, you are also a part time electronics engineer/tech, and an asm programmer as well, right? (My money is on you being an operative attempting to steer this conversation and spin the truth from the public)
    Careful... In light of what was just now described to you...
    If you say yes, your a corrupt liar about your stance on such devices. (I kind of think you fall into this category, but since we don't know who you really are, I can't really prove it)
    If you say no, then your not really qualified to make an inspection on such devices.
    Such devices can not be validated by the naked human eye during an election.

    So while you manage to sound official on slashdot, and manage to muster up 5 proxies each with a moderator point, and successfully use technology to mod yourself a +5 so your post looks good.
    You fail to describe the current situation truthfully, and you also fail understand NY State is not the only place using such devices.

    "I've worked behind the scenes here for a long time and I haven't seen any vulnerabilities in the system."

    As already described above, you wouldn't see any vulnerabilities. Which is the whole point here. But I doubt your interested in truth.