Channels ▼


They Said it Couldn't be Done: Diebold Voting-Machine Hack Announced at SD Best Practices

In his Wednesday evening keynote address on Security at SD Best Practices, Boston, Cigital's Gary McGraw discussed a paper and shared clips from a video demo released today by Edward Felten, Ari Feldman, and Alex Halderman of the Princeton Center for Information Technology Policy, titled: Security Analysis of the Diebold AccuVote-TS Voting Machine. The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory-card to other machines of the same type.

The Diebold machine -- a tablet computer-based tabletop device -- saves program and vote information on standard Flash cards whose slots are secured by a locked metal cover. The video asserted that keys fitting these locks are easily duplicable, and that -- even lacking a key -- a member of Felten's team could routinely pick the locks in less than ten seconds; or gain access to the Flash card by removing six screws from the bottom of the machine and lifting its upper shroud away completely. Once access to the Flash card is gained, the card can be briefly removed, a virus-bearing card inserted, and power cycled -- loading the malicious code into memory. The original card is then re-inserted, exposing it to infection by the virus and making its contents vulnerable to change by viral code. Felten's team was, they assert, able to develop viral code that could "steal votes undetectably, modifying all records, logs and counters to be consistent with the fraudulent vote count it creates." And they were able to embed this functionality in viral envelopes that could propagate from machine to machine during normal pre- and post-election activities (e.g., periodic collection, backup and summary of vote-counts). By compromising just one machine, therefore, an attacker could conceiveably alter results for an entire electoral district, or in some situations, in even more far-reaching ways.

The Princeton team performed its study independently, using a machine obtained from a private party. In his executive summary to the paper, Felten notes that the current work extends and confirms assertions first made by Kohno, Stubblefield, Rubin (all of John's Hopkins) and Wallach (of Rice University) in their well-known 2003 paper Analysis of an Electronic Voting System, which concluded that Diebold machines failed to provide even the most minimal security standards applicable in other contexts (e.g., banking), and asserted that closed-source approaches to building such a device were intrinsically flawed. One of the leaders of that team, Dr. Aviel Rubin, just released a book on this subject, titled: Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting.

Related Reading

More Insights

Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.