Tuesday, September 19, 2006

“Hotel Minibar” Keys Open Diebold Voting Machines

I'm still not sure why everyone is so surprised at the ease of access for these Diebold machines. IMO it's planned so any otherwise dumb as a rock Republican operative can change the votes at will and end up with the old 51% Repub, 49% Dem outcome. They didn't dare make them too complicated.
--
“Hotel Minibar” Keys Open Diebold Voting Machines

Like other computer scientists who have studied Diebold voting machines, we were surprised at the apparent carelessness of Diebold’s security design. It can be hard to convey this to nonexperts, because the examples are technical. To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered on removable storage are rookie mistakes; but nonexperts have trouble appreciating this. Here is an example that anybody, expert or not, can appreciate..

The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.

..A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.

Using such a standard key doesn’t provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold’s use of encryption — they can say they use encryption, but they use it in a way that neutralizes its security benefits.

The bad guys don’t care whether you use encryption; they care whether they can read and modify your data. They don’t care whether your door has a lock on it; they care whether they can get it open. The checkbox approach to security works in press releases, but it doesn’t work in the field.
--
Security analysis of the Diebold voting machine:
From Freedom to Tinker and BoingBoing

Note:
[…]The security analysis includes a video and a detailed report. (There is a companion posting on the Freedom to Tinker site.) The video includes a demonstration of a mock election with a race between George Washington and Benedict Arnold. The votes are cast 4-1 in favor of Washington but the machine reports a 3-2 win by Arnold. The election-stealing software leaves no trace that the results are fraudulent. Significantly, the malicious software can be installed on a given machine in under a minute. The viral spread of the software can occur in multiple ways. In particular, it can spread when the election machines are initialized before an election with names of the candidates in each race.[…]
