General News

Critical Security Alert: Diebold TSx and TS6 Voting Systems

By Harri Hursti for Black Box Voting, Inc.  Posted by Joan Brunwasser (about the submitter)     Permalink       (Page 1 of 1 pages)
Related Topic(s): ; ; ; ; ; ; ; ; ; , Add Tags Add to My Group(s)

View Ratings | Rate It

opednews.com

May 11, 2006
http://www.blackboxvoting.org/bbvtsxstudy.pdf
______________________________________________

The below was forwarded from a discussion group, by Lowell Finley on May 14, 2006 -- it is an effort to summarize and simplify Harri Hursti's report (link above) on Diebold DREs. Finley gave permission to use and disseminate this.

Essentially, Harri Hursti found it is easy to install malicious code permanently on the machine at the most fundamental level that can defeat any attempt to secure the machine afterward.

There are three levels of code in any computer:

-- the BIOS (that interfaces the hardware to the software, controls the system at startup, and is the basic level of machine functionality),

-- the operating system (that provides essential services, including security, for the system),


-- and the application (in this case voting functionality).

The BIOS is what you are working with when a computer starts up and you get the option to press F2 or some other key and set things like the boot sequence, the system clock, the processor speed, and some hardware level functions, including some security functions.

Hursti showed that it is trivial to alter the Diebold BIOS (the most fundamental level in any computer) and to attack both the operating system and voting application as well. All it takes is to connect the right kind of device, to name the files according to Diebold's naming scheme, and to get brief physical access (a minute or two) to the machine. The system will automatically install the malicious code, which can be permanent, can contain functionality to enable further attacks (such as vote reallocation), can protect itself from forensic investigation, and can defeat any security measures added at a higher level (such as hash code checking).

 

The views expressed in this article are the sole responsibility of the author and do not necessarily reflect those of this website or its editors.

Follow Me on Twitter

Contact Editor

Most Popular Articles by this Author:     (View All Most Popular Articles by this Author)

Interview with Dr. Margaret Flowers, Arrested Tuesday at Senate Roundtable on Health Care

Renowned Stanford Psychologist Carol Dweck on "Mindset: The New Psychology of Success"

Howard Zinn on "The People Speak," the Supreme Court and Haiti

Snopes confirms danger of Straight Ticket Voting (STV)

Fed Up With Corporate Tax Dodgers? Check Out PayUpNow.org!

Literary Agent Shares Trade Secrets With New Writers

Comments

The time limit for entering new comments on this article has expired.

This limit can be removed. Our paid membership program is designed to give you many benefits, such as removing this time limit. To learn more, please click here.

Comments: Expand   Shrink   Hide  
No comments