The Diebold machine -- a tablet computer-based tabletop device -- saves program and vote information on standard Flash cards whose slots are secured by a locked metal cover. The video asserted that keys fitting these locks are easily duplicable, and that -- even lacking a key -- a member of Felten's team could routinely pick the locks in less than ten seconds; or gain access to the Flash card by removing six screws from the bottom of the machine and lifting its upper shroud away completely. Once access to the Flash card is gained, the card can be briefly removed, a virus-bearing card inserted, and power cycled -- loading the malicious code into memory. The original card is then re-inserted, exposing it to infection by the virus and making its contents vulnerable to change by viral code. Felten's team was, they assert, able to develop viral code that could "steal votes undetectably, modifying all records, logs and counters to be consistent with the fraudulent vote count it creates." And they were able to embed this functionality in viral envelopes that could propagate from machine to machine during normal pre- and post-election activities (e.g., periodic collection, backup and summary of vote-counts). By compromising just one machine, therefore, an attacker could conceiveably alter results for an entire electoral district, or in some situations, in even more far-reaching ways.
The Princeton team performed its study independently, using a machine obtained from a private party. In his executive summary to the paper, Felten notes that the current work extends and confirms assertions first made by Kohno, Stubblefield, Rubin (all of John's Hopkins) and Wallach (of Rice University) in their well-known 2003 paper Analysis of an Electronic Voting System, which concluded that Diebold machines failed to provide even the most minimal security standards applicable in other contexts (e.g., banking), and asserted that closed-source approaches to building such a device were intrinsically flawed. One of the leaders of that team, Dr. Aviel Rubin, just released a book on this subject, titled: Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting.
