Man-In-the-Middle Remote Attack On Diebold Voting Machines

An anonymous reader tips news of a vulnerability discovered in the Diebold Accuvote voting system, which could be used to alter voting results without leaving evidence of tampering. Quoting Salon: "[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code. ... The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away. ... The video shows three different types of attack, each demonstrating how the intrusion developed by the team allows them to take complete control of the Diebold touch-screen voting machine. They were able to demonstrate a similar attack on a DRE system made by Sequoia Voting Systems as well."

Re:Well, good thing I didn't research this area.

[lammy]

The key point is SUPERVISION. Yes, the voting station staff might be corrupt, but if you have representatives from each of the parties with a stake in the election present during the entire voting and counting process, then sleight-of-hand becomes is much trickier. With a pencil-and-paper-based system, you need to distract a great number of people *on election day* (assuming the votes are counted immediately after polls close, as in the UK) in order to 'interfere' with the vote. With the electronic system, all you need is a moment alone with the machine, at basically any point after its manufacture, to make your modifications (whatever they may be - software/hardware - just preferably hard to trace) - and it suddenly doesn't matter how rigorous the supervision is, come election day. Human beings can't supervise at the electron level.

Re:Well, good thing I didn't research this area.

[neyla]

There is, infact, a simple, straightforward way of getting all the advantages of electronic voting, while preserving the advantages of paper-voting.

Have the voting-machine print your vote as the last step, then deposit this printed vote in a ballot-box the old-fashioned way.

To verify the vote, simply count the paper-ballots the old-fashioned way, and compare the result with the results from the electronic voting.

It isn't really needed to count all the votes: picking a small fraction of voting-places randomly and checking those, has a high probability of detecting systematic attempts at cheating nationwide.

Re:Not very correct

[JWSmythe]

    What they're saying is that no soldering on the original hardware, nor replacement of any components is necessary. Some previous attacks required the removal of the storage media (compact flash, if I remember right).

    The unit they demonstrated simply requires unplugging two things, and putting their unit in between. After the election is complete, they'd simply need to access the units again, remove the component, and all is well.

    Most "void if broken" seals can be easily replicated. It's just a matter of getting a replacement seal in time. For the most part, people are dumb. If you do a good job of cleaning off the seal, they'd never notice it is missing.

Re:Well, good thing I didn't research this area.

[kevinNCSU]

what part of 'remote control from half a mile away' does supervision deter?

The part where you have to break the seals on the machine, take it completely apart, hook up circuitry to it, close it back up, and re-seal the now broken tamper-proof tape, let the election run, break back in, break the seals on the machine again, pull your electronics back out of the machine to eliminate evidence and then reseal the machine and fix the tamper-proof seals again.

Re:inserting the inexpensive electronic device

[Joce640k]

This is true for all nerdy arguments - if something isn't 100% perfect then it's obviously completely useless.

Usually we ignore the real world practicalities (I believe there's an XKCD cartoon about breaking 4096 bit encryption with a $5 wrench which illustrates this point nicely).

OTOH the Diebold contract should have been cancelled a long time ago and the people forbidden from ever working in security. They're seriously incompetent.

Me? I think electronic voting is basically flawed because information can be tampered with and leave no trace. I want something physical that can be audited later.

My plan:

I'd have the machines print out little cards with a plain text version of the votes on one side and QR codes printed on the other. You can check your vote is correct, fold it in half (it's pre-scored and has glue dots) so that only the QR codes are visible then drop it in the ballot box. The votes can be counted electronically and you have something physical which can be randomly sampled and/or audited later. Best of both worlds!