Security

Diebold voting machines open to virus attack


It appears that the Diebold voting machines are coming under even more scrutiny, and the results are damning.

This time round, the scrutiny is coming from the University of California at Berkeley as part of a "top-to-bottom" review of electronic voting systems commissioned by the California Secretary of State.

An old topic that has been discussed to death and back on sites such as Slashdot, and the results of this review are truly chilling.

"The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit to affect election outcomes," says the report. Basically, the assessment of Diebold's source code revealed that an attacker need only have limited access to the machines to compromise the entire election.

Excerpt from the report (PDF):

An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive - malicious code could spread to every voting machine in polling places and to county election servers.

And:

A virus could allow an attacker who only had access to a few machines or memory cards, or possibly to only one, to spread malicious software to most, if not all, of a county's voting machines...

Additionally, a paper trail of votes cast is insufficient to ensure the integrity of an election in which the machines are utilized. The reason is that votes might be subtly influenced without any external disruption, which might invite scrutiny or a fall back onto paper votes.

In conclusion, the report says, "For this reason, the safest way to repair the Diebold system is to re-engineer it so that it is secure by design." This sounds to me like just a nice way of asking for the whole system to be scrapped.

You can read more here:

I don't live in the United States, so it would be great if any of you folks from over there would care to add your two cents.

About

Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.

10 comments
NickNielsen
NickNielsen

Not only am I presented with choosing between the least of evils when I vote, not only can I not even be sure my vote was tallied as I wished, now I can't even be sure that I was presented all the evils between which I must choose. Isn't it amazing what happens when you legislate technology advances?

F4A6Pilot
F4A6Pilot

Since the knowledge of the socket programming isn't top secret, but proprietary, A DOS is vaguely possible if it hits the random pattern of dial back sockets perfectly with the correct offset... NSA wouldn't be likely to break it without the random seeds... (they asked for hooks for National security in 1997 when they couldn't break the pattern with the ATMs...)

wmlundine
wmlundine

...to deliver the election. Otherwise we may have never known.

DanLM
DanLM

Now, I'm afraid to even think about it. ;o( Dan

paulmah
paulmah

Or do you have an option to go for the plain old paper vote?

DanLM
DanLM

I don't know if its mandated state wide yet. I've only lived in the great state of Ohio for 2 years. I'm not very impressed with their legislative body. But, I also haven't followed as closely as I did in Pennsylvania. So, I am reluctant to judge. So, in answer to your question about state wide being mandated. I am unsure. Dan

learush
learush

We live in Oregon - we vote by mail, 100% paper for everything. As an added bonus, our *low* turn-out elections run about 40%. The last presidential election ran somewhere around 86% participation.

paulmah
paulmah

Add your two cents on this matter?

Scoid
Scoid

Paper ballots with simple Xs in boxes are and always will be the best way to vote. And I'm not talking about the bizarre and confusingly designed partially-punch-the-chad-and-confuse-the-Floridian ballot here either. Marked paper ballots cannot be compromised if held in dual custody. They are easy to use. They can be recounted. They never go bankrupt or become corrupted on their own. And all ballots are not susceptible to complete compromise by the diddling of a single individual unofficially employed by a governing party to do so.

Editor's Picks