New security glitch found in Diebold system
Officials say machines have 'dangerous' holes
Elections officials in several states are scrambling to understand and limit the risk from a "dangerous" security hole found in Diebold Election Systems Inc.'s ATM-like touch-screen voting machines.
The immediate solution to this problem isn't a patch. What that article refers to is election officials ensuring that they are running the "trusted" build of the software done at the federal labs and stored at the NSRL, just in case someone installed something bad in the meantime.
The hole is considered more worrisome than most security problems discovered on modern voting machines, such as weak encryption, easily pickable locks and use of the same, weak password nationwide.
Armed with a little basic knowledge of Diebold voting systems and a standard component available at any computer store, someone with a minute or two of access to a Diebold touch screen could load virtually any software into the machine and disable it, redistribute votes or alter its performance in myriad ways.
"This one is worse than any of the others I've seen. It's more fundamental," said Douglas Jones, a University of Iowa computer scientist and veteran voting-system examiner for the state of Iowa.
"In the other ones, we've been arguing about the security of the locks on the front door," Jones said. "Now we find that there's no back door. This is the kind of thing where if the states don't get out in front of the hackers, there's a real threat."
This newspaper is withholding some details of the vulnerability at the request of several elections officials and scientists, partly because exploiting it is so simple and the tools for doing so are widely available.
[...]
Scientists said Diebold appeared to have opened the hole by making it as easy as possible to upgrade the software inside its machines. The result, said Iowa's Jones, is a violation of federal voting system rules.
"All of us who have heard the technical details of this are really shocked. It defies reason that anyone who works with security would tolerate this design," he said.
Meanwhile, election machines are not held to any baseline computer security standards. These machines do crypto; where is the FIPS 140-2 certification? Arguably, they do computer security; where's the Common Criteria certification? These machines are not subject to any rigorous scrutiny, and it's criminal. The Powers That Be do not want these machines scrutinized, and are satisfied with Diebold's "Trust us" assertions.
A good friend of mine and I had a conversation about this last night, and he was saying that Diebold has several options they could use here to ensure that only the official build is installed and running.
1. Checksum or hash the image file that is distributed, and have the machine require the operator to confirm that the fingerprint of the loaded image matches what was distributed each time the machine is started. (Potentially allows for human error or a clever social engineering scenario)
2. Only allow the machine to load and run an image digitally signed by Diebold using a public/private keypair. (Could be cracked, but not without major effort and a lot of time spent analyzing a machine on the hacker's part, much like "modchips" for Xbox or PS2).
Instead, it sounds like the machines will load up any image that someone decides to give it (assuming it runs on the hardware etc).
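To make the difference between the two options and the load-anything behaviour concrete, here is an added sketch (not Diebold's code and not from the article). It assumes RSA PKCS#1 v1.5 signatures over SHA-256; the key is a constructed demo key built from two publicly known Mersenne primes, so it is not secure, and the image bytes and function names are made up for illustration.

```python
import hashlib

# Constructed demo key: Mersenne primes are public, so this key is NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # vendor-side private exponent (demo only)
K = (N.bit_length() + 7) // 8       # modulus length in bytes

# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(image: bytes) -> int:
    """EMSA-PKCS1-v1_5 encoding of SHA-256(image), as an integer."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def vendor_sign(image: bytes) -> int:
    """Runs at the vendor; the private exponent never ships in the machine."""
    return pow(encode(image), D, N)

def load_unchecked(image: bytes, signature: int) -> bool:
    """The behaviour described above: any image offered is accepted."""
    return True

def load_verified(image: bytes, signature: int) -> bool:
    """Option 2: run the image only if the signature verifies under (N, E)."""
    if not 0 < signature < N:
        return False
    # Rebuild the expected encoding and compare whole values instead of
    # parsing padding out of the recovered signature block.
    return pow(signature, E, N) == encode(image)

def fingerprint(image: bytes) -> str:
    """Option 1: digest the operator compares with the published value."""
    return hashlib.sha256(image).hexdigest()

# Constructed sample images standing in for firmware builds.
OFFICIAL = b"constructed sample: certified build"
TAMPERED = b"constructed sample: modified build"
SIG = vendor_sign(OFFICIAL)
```

With option 1 the decision rests on a person comparing two fingerprints at every start; with option 2 the machine itself refuses any image whose signature does not verify, so only the public key has to be stored in the device.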
But here is the real kicker - it seems Diebold doesn't even really care about security.
In exclusive stunning admissions some 11 months after the 2004 Presidential Election, a "Diebold Insider" is now finally speaking out for the first time about the alarming security flaws within Diebold, Inc's electronic voting systems, software and machinery. The source is acknowledging that the company's "upper management" — as well as "top government officials" — were keenly aware of the "undocumented backdoor" in Diebold's main "GEM Central Tabulator" software well prior to the 2004 election. A branch of the Federal Government even posted a security warning on the Internet.
Pointing to a little-noticed "Cyber Security Alert" issued by the United States Computer Emergency Readiness Team (US-CERT), a division of the U.S. Department of Homeland Security, the source inside Diebold — who "for the time being" is requesting anonymity due to a continuing sensitive relationship with the company — is charging that Diebold's technicians, including at least one of its lead programmers, knew about the security flaw and that the company instructed them to keep quiet about it.
"Diebold threatened violators with immediate dismissal," the insider, who we'll call DIEB-THROAT, explained recently to The to a reporter via email. "In 2005, after one newly hired member of Diebold's technical staff pointed out the security flaw, he was criticized and isolated."
In phone interviews, DIEB-THROAT confirmed that the matters were well known within the company, but that a "culture of fear" had been developed to assure that employees, including technicians, vendors and programmers kept those issues to themselves.


Comments: 2
And then, to top it off, the CEO was quoted during the 2004 campaign saying that he would do "whatever it takes" to insure a Bush victory.
Then, add the fact that Diebold would not allow independent review of the code in the voting machines, claiming it was "proprietary."
This is a recipe for disaster, and some of the results in Ohio and Florida were unbelievable...where precincts reported a larger Republican vote than the TOTAL COUNT OF REGISTERED VOTERS!!!
I don't know why this didn't raise more of a stink than it did. I believe there is a possibility that Kerry actually won the election and it was stolen from him. That's two in a row, folks.