By Bev Harris, Black Box Voting. Posted by Joan Brunwasser. Page 2 of 3.
nature, surviving through the election cycles. Therefore, the
contamination can happen at any point of the device's life cycle and
remain active and undetected from the point of contamination on
through multiple election cycles and even software upgrade cycles.
Here is a rough analogy:
- The application can be imagined as written instructions on a paper.
If it is possible to replace these instructions, as it indeed seems,
then the attacker can do whatever he wishes as long as the
instructions are used.
- The operating system is the man reading the instructions. If he can
be brainwashed according to the wishes of the attacker, then even
correct instructions on the paper solve nothing. The man can decide to
selectively do something different than the instructions. New paper
instructions come and go, and the attacker can decide which
instructions to follow because the operating system itself is under
his control.
- The boot loader is the supreme entity that creates the man, the
world and everything in it. In addition to creating, the boot loader
also defines what is allowed in the world and delegates part of that
responsibility to the operating system. If the attacker can replace
the boot loader, trying to change the paper instructions or the man
reading them does not work. The supreme entity will always have the
power to replace the man with his own favorite, or perhaps he just
modifies the man's eyes and ears: Every time the man sees yellow, the
supreme being makes him think he is seeing brown. The supreme entity
can give the man two heads and a secret magic word to trigger
switching the heads.
In the world of the Diebold touch-screen voting terminals, all of
these attacks look possible.
The instructions (applications and files) can be changed. The man
reading the files (Windows CE Operating System and the libraries) can
be changed. Or the supreme entity (boot loader) can be changed, giving
total control over the operating system and the files even if they are
"clean software."
Specific conceptual information is contained in the report, with
details and filenames in the high-security version which is being
delivered under cryptographic and/or personal signature controls to
the EAC, Diebold CEO Tom Swidarski and CERT.
1) Boot loader reflashing
2) Operating system reflashing
3) Selective file replacement
In addition, the casing of the TSx machines lacks basic seals and
security, and additional exploitable weaknesses are found inside the casing.
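An added example, not from the report or from Black Box Voting, of the kind of off-device check the three attack classes above call for: hash each layer (boot loader, operating system, application files) against a known-good manifest whose integrity is itself protected by a MAC held by the election authority. The layer names, the key, and the short byte strings standing in for flash images are all constructed for illustration.

```python
import hashlib
import hmac
from typing import Dict

# Constructed stand-ins for the three layers the report names; real images
# are large binaries read from the device's flash with an external reader.
KNOWN_GOOD_IMAGES: Dict[str, bytes] = {
    "bootloader": b"BOOTLOADER v1 (constructed known-good image)",
    "os": b"Windows CE kernel (constructed known-good image)",
    "app/ballot.exe": b"application binary (constructed known-good image)",
}

# Hypothetical key kept by the election authority, never stored on the device.
MANIFEST_KEY = b"constructed-election-authority-key"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _mac_over(hashes: Dict[str, str], key: bytes) -> str:
    body = "\n".join(f"{n}:{hashes[n]}" for n in sorted(hashes)).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(images: Dict[str, bytes], key: bytes) -> Dict[str, str]:
    """Hash every layer and MAC the list, so a manifest edited to match a
    reflashed image is rejected rather than silently accepted."""
    manifest = {name: sha256(data) for name, data in images.items()}
    manifest["_mac"] = _mac_over(manifest, key)
    return manifest


def verify_layers(images: Dict[str, bytes], manifest: Dict[str, str], key: bytes) -> Dict[str, str]:
    """Per-layer verdict. The images must come from an external flash read:
    a compromised boot loader can feed a clean copy to any on-device check."""
    expected = {n: h for n, h in manifest.items() if n != "_mac"}
    if not hmac.compare_digest(_mac_over(expected, key), manifest.get("_mac", "")):
        return {name: "manifest-untrusted" for name in expected}
    verdict = {}
    for name, digest in expected.items():
        if name not in images:
            verdict[name] = "missing"
        else:
            verdict[name] = "ok" if sha256(images[name]) == digest else "modified"
    for name in images:  # files the manifest never listed: selective replacement/addition
        verdict.setdefault(name, "unexpected")
    return verdict


def machine_is_clean(verdict: Dict[str, str]) -> bool:
    """Lower layers control the upper ones, so any non-ok layer means a full reflash."""
    return all(v == "ok" for v in verdict.values())
```

Because a modified boot loader can make the operating system and application report anything it likes, a clean verdict only means something when the images were read by hardware the device did not control.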
Conclusions and Recommendations
Because there is no way of establishing chain of custody or an audit
trail for the machines, they need to be reflashed with a known good
version (after assessing the risks potentially inherited). Ideally this
should be done by the proper governmental authorities rather than being
outsourced.
After that, extensive chain of custody management has to be
established to make sure that machines cannot be recontaminated.
Contamination takes less than five minutes.
The bootloader needs to be re-engineered.
The cases need to be properly and permanently sealed.
Further study is warranted around these issues and others in the May
15, 2006 Supplemental Report for the Emery County TSx study.
Copyright © 2002-2009, OpEdNews