Man-In-the-Middle Remote Attack On Diebold Voting Machines

An anonymous reader tips news of a vulnerability discovered in the Diebold Accuvote voting system, which could be used to alter voting results without leaving evidence of tampering. Quoting Salon: "[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code. ... The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away. ... The video shows three different types of attack, each demonstrating how the intrusion developed by the team allows them to take complete control of the Diebold touch-screen voting machine. They were able to demonstrate a similar attack on a DRE system made by Sequoia Voting Systems as well."

Re:Well, good thing I didn't research this area.

[lammy]

The key point is SUPERVISION. Yes, the voting station staff might be corrupt, but if you have representatives from each of the parties with a stake in the election present during the entire voting and counting process, then sleight-of-hand becomes is much trickier. With a pencil-and-paper-based system, you need to distract a great number of people *on election day* (assuming the votes are counted immediately after polls close, as in the UK) in order to 'interfere' with the vote. With the electronic system, all you need is a moment alone with the machine, at basically any point after its manufacture, to make your modifications (whatever they may be - software/hardware - just preferably hard to trace) - and it suddenly doesn't matter how rigorous the supervision is, come election day. Human beings can't supervise at the electron level.

Re:Not very correct

[JWSmythe]

    What they're saying is that no soldering on the original hardware, nor replacement of any components is necessary. Some previous attacks required the removal of the storage media (compact flash, if I remember right).

    The unit they demonstrated simply requires unplugging two things, and putting their unit in between. After the election is complete, they'd simply need to access the units again, remove the component, and all is well.

    Most "void if broken" seals can be easily replicated. It's just a matter of getting a replacement seal in time. For the most part, people are dumb. If you do a good job of cleaning off the seal, they'd never notice it is missing.