showing devastating security flaws in the Diebold touchscreen
machines. This study has now been covered by Newsweek and the New York
Times.
A small supplemental report was issued today pointing out additional
concerns and high priority areas for further study.
The supplemental study can be found here:
http://www.blackboxvoting.org/bbvtsxstudy-supp.pdf
Excerpts:
1. Flash memory erasure:
contents of flash memory. This destructive function was started in the
TS6 with the file [redacted], and there are indications that the
feature is carried over to the TSx with trigger file [redacted], if it
is found on the memory card. This feature was not tested in Emery
County and should be examined further.
2. Further study needed on macros:
TS6 and TSx machines have as built-in features new kinds of macro
capabilities. These capabilities make use of a simplistic Windows
Window Manager Message recording and play function. Presumably the
feature has been designed for automation of volume testing. If this is
the case it is important to understand that this approach bypasses
part of the system and therefore is by no means equal to end-to-end
testing. There are a number of concerns around this feature
functionality warranting further studies.
- The files are stored on the removable memory card as unprotected
plain-text files. There are no protection mechanisms against
modifications to these files.
- Are the WM_message filters adequate?
- Is the processing function secure against buffer overflow / boundary
overflow attacks and/or string format attacks?
- Are the message parameters passed back to Windows boundary checked,
and is there proper exception handling in place?
Creation and access to the macros is available with poll worker level
access, under some circumstances even without any smart card
authentication.
In preliminary testing the following issues were identified:
- The macro is not contained in the user interface logic. Because of
this, the macro can access settings, changing the telephone number /
IP address and initiating calls.
- Two machines with completely identical software release numbers had
different behavior with the same macro. Machine A just had a software
crash and became unstable, while machine B produced an error message
on the system log and contained the error while still resulting in
loss of software functionalities. There were also other examples of
different, but reproducible, software behaviors between machines with
both modified and unmodified macros.
- File handle processing seems to be flawed and interrupted by
exception macro processing, producing open file handles.