2007 Technology Tests of Computerized Voting Systems

Data and smart card passwords can now be set by election workers. The authentication protocol is not secure, allowing an attacker to create counterfeit, validating smart cards, including voter cards. 

There is no integrity protection of stored electronic ballots and ballots are stored sequentially.  This defeats voter privacy by allowing a voter’s selections to be tied to a voter’s name. 

Audit logs are not cryptographically protected and data transmitted over communication lines is neither authenticated nor encrypted. 

A custom, malicious bootloader is possible if the terminal is delivered to a polling place in “debug mode.”  If not in debug mode, an attacker can open the case and move a hardware switch to enable this attack.    An attacker can hide preloaded votes on a forged memory card that the terminal will recognize. 

FLORIDA: Software Review and Security Analysis of the Diebold Voting Machine Software Supplemental Report, Security and Assurance in Information Technology (SAIT) Laboratory Florida State University, August 2007.  

This report reflects the narrow investigative scope requested by FLDoS (Florida Department of State). These results are not comprehensive in any sense, nor is this report an endorsement of the system’s overall security. We examined only a small subset of the flaws from the SAIT Diebold Report.

All other flaws identified in that report remain in the code base, including vulnerability to a sleepover attack that may allow an intruder to manipulate vote computation or worse.

Significant, critical vulnerability remains in this code base independent of repairs documented in this report. 

Until voting systems are developed for “high assurance”, election officials face an unnecessarily high risk and must exercise significantly expanded election security procedures to mitigate known and unknown software vulnerability. 

The signature flaw was fixed.  This makes it much more difficult for preloaded votes to be hidden. 

(Note: Other flaws reported to have been fixed were not detailed above. ~ RA)  

KENTUCKY 2007 Voting Expert Letter to KY Attorney General, public version posted at Review of Diebold/Premier, Hart InterCivic, and ES&S. 

The review relies on the completeness and accuracy of the testing by the Independent Testing Authorities (ITA) for conformance to voluntary Federal guidelines (Voting systems Standards 2002). However, it has been well established that the ITAs do not adequately perform this role. 

The ITA reports used for Federal certification and included in the review packages used by the SBE certifiers are cursory…. (as) reinforced by the fact that none of the ITAs identified the flaws found by the California or Florida source code review teams. 

Because the ITA reports are of limited value, the quality examination of the machines as part of the certification processes is crucial, but it too can best be described as cursory. 

 1  |  2  |  3  |  4  |  5  |  6  |  7  |  8