Flaws that leave electronic voting machines vulnerable to security attacks were discovered by University of California researchers as part of an unprecedented "Top-to-Bottom Review" of the systems commissioned by California Secretary of State Debra Bowen.
...teams were able to compromise the physical and software security of all three systems tested...made by Diebold Elections Systems, Sequoia Voting Systems and Hart InterCivic, respectively.
...
"The problem with the systems should have been detected early in their development," said Bishop. "There are ways to develop and implement systems that resist compromise much better than the systems we examined. Many of these safeguards are taught in undergraduate and graduate computer security courses, but it was clear they were not used effectively in the electronic voting systems we evaluated."
...testers were [also] able to bypass the machines' tamper-resistant seals and locks, physically gaining access to the memory cards that store the votes. Such a vulnerability could potentially be exploited on Election Day, the researchers said.
"In many cases, this could be done in less than a minute, and in a way that would not necessarily be noticed by poll workers, particularly if there are privacy shields and curtains blocking their view of the voter," said Bishop.
...
knowledge of a voting system's source code, while helpful, is not critical to breaking down its security barriers...
...teams were able to compromise the physical and software security of all three systems tested...made by Diebold Elections Systems, Sequoia Voting Systems and Hart InterCivic, respectively.
...
"The problem with the systems should have been detected early in their development," said Bishop. "There are ways to develop and implement systems that resist compromise much better than the systems we examined. Many of these safeguards are taught in undergraduate and graduate computer security courses, but it was clear they were not used effectively in the electronic voting systems we evaluated."
...testers were [also] able to bypass the machines' tamper-resistant seals and locks, physically gaining access to the memory cards that store the votes. Such a vulnerability could potentially be exploited on Election Day, the researchers said.
"In many cases, this could be done in less than a minute, and in a way that would not necessarily be noticed by poll workers, particularly if there are privacy shields and curtains blocking their view of the voter," said Bishop.
...
knowledge of a voting system's source code, while helpful, is not critical to breaking down its security barriers...
From the LA Times article on same study:
Testers "were able to bypass both physical and software security in every system they tested," Bowen said.
No comments:
Post a Comment
Welcome, and thanks for caring enough to donate your time and thoughts toward greater collective wisdom...
Terms of engagement:
* Please be civil.
* * * * Please do not post anonymously * * * (I'd remove this choice if I could, and I may remove your comment if you do) - instead, do this:
Click on the 'Name/URL' radiobutton, then enter your real name (if you're brave) or a pseudonym (if you're not). (You can leave the "URL" field blank.)
Or go ahead and click "Anonymous", but put your name in your comment.
* The Management reserves the right to delete comments (Moderation Certificate can be found here). You can always post it on a blog of your own.
If you run into technical difficulties, please a) accept my apologies, then b) email your comment to aherror2011 at gmail.com with "Comment for [name of this blog]" in the Subject line.
New policy re climate contrarianism comments as of 11/11/2009:
Comments questioning the climate science community's understanding of climate change (97% of active climatologists now believe that the earth is currently warming and that it's human-caused - link) will be deleted unless the commenter:
a) is local
b) uses his real name
c) provides link(s) to substantiate his claim(s)/inference(s)
d) is willing to collaborate on constructing an argument tree, to get us past the usual sterile point-counterpoint-countercounterpoint.
(For people who can't read the above, a summary:
1) Be civil;
2) Don't post w/o giving at least a pseudonym;
3) Don't espouse climate-denial crankery unless you're local and willing to stand behind it.)
Caveats:
1. Comments could be delayed: they are being moderated, and I'm sometimes away from the computer for a day or more.
2. : Perfectly legitimate comments are sometimes miscategorized (by the blogging platform) as spam, & not published. If this happens to yours, please notify me, else I might not notice for a day or two.