Data and smart card passwords can now be set by election workers. The authentication protocol is not secure, allowing an attacker to create counterfeit smart cards that validate, including voter cards.
There is no integrity protection of stored electronic ballots and ballots are stored sequentially. This defeats voter privacy by allowing a voter’s selections to be tied to a voter’s name.
Audit logs are not cryptographically protected and data transmitted over communication lines is neither authenticated nor encrypted.
A custom, malicious bootloader is possible if the terminal is delivered to a polling place in “debug mode.” If not in debug mode, an attacker can open the case and move a hardware switch to enable this attack. An attacker can hide preloaded votes on a forged memory card that the terminal will recognize.
FLORIDA: Software Review and Security Analysis of the Diebold Voting Machine Software, Supplemental Report, Security and Assurance in Information Technology (SAIT) Laboratory, Florida State University, August 2007.
This report reflects the narrow investigative scope requested by FLDoS (Florida Department of State). These results are not comprehensive in any sense, nor is this report an endorsement of the system’s overall security. We examined only a small subset of the flaws from the SAIT Diebold Report.
All other flaws identified in that report remain in the code base, including vulnerability to a sleepover attack that may allow an intruder to manipulate vote computation or worse.
Significant, critical vulnerability remains in this code base independent of repairs documented in this report.
Until voting systems are developed for “high assurance”, election officials face an unnecessarily high risk and must exercise significantly expanded election security procedures to mitigate known and unknown software vulnerability.
The signature flaw was fixed. This makes it much more difficult for preloaded votes to be hidden.
(Note: Other flaws reported to have been fixed were not detailed above. ~ RA)
KENTUCKY 2007 Voting Expert Letter to KY Attorney General, public version posted at Review of Diebold/Premier, Hart InterCivic, and ES&S.
The review relies on the completeness and accuracy of the testing by the Independent Testing Authorities (ITA) for conformance to voluntary Federal guidelines (Voting Systems Standards 2002). However, it has been well established that the ITAs do not adequately perform this role.
The ITA reports used for Federal certification and included in the review packages used by the SBE certifiers are cursory…. (as) reinforced by the fact that none of the ITAs identified the flaws found by the California or Florida source code review teams.
Because the ITA reports are of limited value, the quality examination of the machines as part of the certification processes is crucial, but it too can best be described as cursory.
The security of all of the machines appears to be extremely dependent on their never coming in contact with malicious code, as once that occurs there are few defenses or recovery mechanisms. This is sometimes referred to as the “M&M model of security”: there is a hard crunchy exterior that protects a soft chewy interior.