Diebold voting machine insecurity

Dr. Dobb’s Journal put up a story last week about several security researchers who showed how insecure Diebold voting machines are. This is one of the most important things affecting the current political realm, in my not-so-humble opinion. I’m putting the rest of the story below the following link, but please read all this and don’t just skip ahead. This really matters, and shows the need for voter-verified paper printouts to go along with the electronic vote entry for auditing purposes.

In his Wednesday evening keynote address on Security at SD Best Practices, Boston, Cigital’s Gary McGraw discussed a paper and shared clips from a video demo released today by Edward Felten, Ari Feldman, and Alex Halderman of the Princeton Center for Information Technology Policy, titled: Security Analysis of the Diebold AccuVote-TS Voting Machine. The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory card to other machines of the same type.

The authors explain how easy picking the lock is (under 10 seconds) if you don’t have one of the easily forged keys, how they swapped out the Flash card which stores the program for the machine AND vote data, and how this can compromise multiple voting machines.

The authors do not claim that these machines have in any way been manipulated in a real election. In fact, in their Frequently Asked Questions (FAQ) they specifically mention the attacks shown have probably not been used in a real election and they do not believe any recent elections have been stolen/fixed. But given the number of folks who are certain the 2004 Presidential election was fixed, I’m sure the insecurity of the machines is going to be talked about by the conspiracy theorists.

Also note that these results may well apply to other companies’ voting machines, but only the Diebold machine in the article was available to the researchers at the time. Perhaps other machines will be investigated in the future.

