Diebold voting machines even more vulnerable than thought
From Freedom to Tinker
and BoingBoing
Diebold voting machines worse than originally thought
Diebold's notoriously insecure voting machines -- in use across the USA -- have been found to have an even deeper vulnerability than previously known. A new report by Harri Hursti, released on BlackBoxVoting, documents how an attacker with a few moments' of private physical access to a machine could compromise it and load it with his own software, compromising every function of the machine, including the ability to count votes.
Ed Felten and Avi Rubin have written an excellent summary and analysis of the Hursti paper and published it on Freedom to Tinker -- if you care about whether you vote gets counted in 2006, read this now.
Hursti’s findings suggest the possibililty of other attacks, not described in his report, that are even more worrisome.
In addition, compromised machines would be very difficult to detect or to repair. The normal procedure for installing software updates on the machines could not be trusted, because malicious code could cause that procedure to report success, without actually installing any updates. A technician who tried to update the machine’s software would be misled into thinking the update had been installed, when it actually had not.
On election day, malicious software could refuse to function, or it could silently miscount votes.
--
"here possible, precincts planning on using these machines should consider making paper backup systems available to prepare for the possibility of widespread failures on election day. The nature of this technology is that there is really no remedy from a denial of service attack, except to have a backup system in place. While voter verified paper trails and proper audit can be used to protect against incorrect results from corrupt machines, they cannot prevent an attack that renders the machines non-functional on election day."
Link here
0 Comments:
Post a Comment
<< Home