Monday, July 30, 2007

Study finds flaws in Nevada County's electronic voting system

"Review Finds Potential Flaws in Voting Systems", a UC Davis press release reports:
Flaws that leave electronic voting machines vulnerable to security attacks were discovered by University of California researchers as part of an unprecedented "Top-to-Bottom Review" of the systems commissioned by California Secretary of State Debra Bowen.
...teams were able to compromise the physical and software security of all three systems tested...made by Diebold Elections Systems, Sequoia Voting Systems and Hart InterCivic, respectively.
"The problem with the systems should have been detected early in their development," said Bishop. "There are ways to develop and implement systems that resist compromise much better than the systems we examined. Many of these safeguards are taught in undergraduate and graduate computer security courses, but it was clear they were not used effectively in the electronic voting systems we evaluated."

...testers were [also] able to bypass the machines' tamper-resistant seals and locks, physically gaining access to the memory cards that store the votes. Such a vulnerability could potentially be exploited on Election Day, the researchers said.

"In many cases, this could be done in less than a minute, and in a way that would not necessarily be noticed by poll workers, particularly if there are privacy shields and curtains blocking their view of the voter," said Bishop.
knowledge of a voting system's source code, while helpful, is not critical to breaking down its security barriers...

From the LA Times article on same study:
Testers "were able to bypass both physical and software security in every system they tested," Bowen said.

No comments: