Posted by Bev Harris on Monday, July 03, 2006 - 02:36 pm:
States and local jurisdictions did not take sufficient action to
Black Box Voting has provided the following to VoterAction.org for its
litigation. This will become a public record via the litigation filed
by Lowell Finley. Because public officials who have received the
unredacted reports have failed to take this risk seriously and arrange
for appropriate mitigations, and because Black Box Voting believes
this information is of critical public interest for pending litigation
and citizen actions, we are releasing it publicly now.
A huge risk to the integrity of elections is a contaminated
bootloader. Here's why: If you own the bootloader, you own the
machine. The source code for the TSx, along with the technical data
package, have been publicly released since 2003. Estimates are that it
would take approximately three months for a reasonably skilled
programmer to design a working malicious bootloader.
You cannot clean a maliciously designed bootloader with the
mitigations performed so far by state officials (replacing programs
via memory cards)
1) It appears not to have been examined by the Independent Testing
Authorities (ITAs). Therefore, we don't even know whether the original
bootloader contains malicious code.
2) There appears to be no authentication procedure when installing
"clean versions" to ensure that the code is the same as that which was
examined by the ITAs (and in this case, the ITAs didn't even examine
3) There is no forensic test that will reveal a malicious bootloader
4) Because of the design of the Diebold TSx machine, a malicious
bootloader can be installed at any time from factory installation to
the election itself. Once a bootloader is contaminated, it can control
the machine permanently.
A contaminated bootloader, especially in combination with other
security issues in the TSx, has the potential to allow remote access
on an election-by-election basis, at any time during the election
cycle and even years in advance of the election.
which can be used to take control of the motherboard. Although you
cannot reliably clean a malicious bootloader by reinstalling it with a
memory card, you can install a pristine version using the JTAG cable.
However, there appears to be no pristine version of the bootloader,
since it has never been examined by the ITAs.
6) Unfortunately, the JTAG connector can be used to overwrite a
so-called authentic and proper bootloader with a malicious one. Thus,
even if a so-called pristine bootloader is installed via the JTAG
connector, the same connector can be used to replace that one with a
new one at any time.