A Salon exclusive: Diebold voting machines can be hacked by remote control. (h/t ProPublica)
"Computer science and security experts at the Vulnerability Assessment Team at Argonne National Laboratory in Illinois...say the newly developed hack could change voting results while leaving absolutely no trace of the manipulation behind."If you forego using remote control to start&stop the attack, the parts for this "alien hardware" man-in-the-middle attack run just about $10 retail to compromise a single Diebold voting machine, "cheaper if you buy in volume". And it's invisible to outside inspection.
It's not just Diebold and Sequoia machines at risk, those were just the machines the team has had access to. And it's not just voting machines, either - "this has implications for any application where a user uses a touchscreen".
"We believe these man-in-the-middle attacks are potentially possible on a wide variety of electronic voting machines," said Roger Johnston, leader of the assessment team "We think we can do similar things on pretty much every electronic voting machine."
...
This is a national security issue," says Johnston. "It should really be handled by the Department of Homeland Security."
...
The same type of DRE systems, or ones very similar, will once again be used by a significant part of the electorate on Election Day in 2012. According to Sean Flaherty, a policy analyst for VerifiedVoting.org, a nonpartisan e-voting watchdog group, "About one-third of registered voters live where the only way to vote on Election Day is to use a DRE."
A few notes from watching the video:
"the way tampering seals are typically used is inadequate to detect physical or electronic intrusion"; "anyone with an electronics workbench could put it together"; there's no soldering or destruction of the circuit board, so the alien bits can be removed afterwards & there'll be no forensic evidence that it had been there.FYI to the curious - in the video & the Salon article, we're told (& shown) that the intrusion used "alien hardware", but not told specifically what alien hardware was used.
They used a "man (actually, microprocessor) in the middle" attack, inserting their homebuilt circuit board (it "could probably be miniaturized") between the touchscreen UI and the main circuit board; they also demonstrated other avenues of attack, e.g. between the main circuit board & the printer, to control what gets printed.
No comments:
Post a Comment
Welcome, and thanks for caring enough to donate your time and thoughts toward greater collective wisdom...
Terms of engagement:
* Please be civil.
* * * * Please do not post anonymously * * * (I'd remove this choice if I could, and I may remove your comment if you do) - instead, do this:
Click on the 'Name/URL' radiobutton, then enter your real name (if you're brave) or a pseudonym (if you're not). (You can leave the "URL" field blank.)
Or go ahead and click "Anonymous", but put your name in your comment.
* The Management reserves the right to delete comments (Moderation Certificate can be found here). You can always post it on a blog of your own.
If you run into technical difficulties, please a) accept my apologies, then b) email your comment to aherror2011 at gmail.com with "Comment for [name of this blog]" in the Subject line.
New policy re climate contrarianism comments as of 11/11/2009:
Comments questioning the climate science community's understanding of climate change (97% of active climatologists now believe that the earth is currently warming and that it's human-caused - link) will be deleted unless the commenter:
a) is local
b) uses his real name
c) provides link(s) to substantiate his claim(s)/inference(s)
d) is willing to collaborate on constructing an argument tree, to get us past the usual sterile point-counterpoint-countercounterpoint.
(For people who can't read the above, a summary:
1) Be civil;
2) Don't post w/o giving at least a pseudonym;
3) Don't espouse climate-denial crankery unless you're local and willing to stand behind it.)
Caveats:
1. Comments could be delayed: they are being moderated, and I'm sometimes away from the computer for a day or more.
2. : Perfectly legitimate comments are sometimes miscategorized (by the blogging platform) as spam, & not published. If this happens to yours, please notify me, else I might not notice for a day or two.