September 13, 2006
They Said it Couldn't be Done: Diebold Voting-Machine Hack Announced at SD Best Practices
John Jainschigg
In his Wednesday evening keynote address on Security at SD Best Practices, Boston, Cigital's Gary McGraw discussed a paper and shared clips from a video demo released today by Edward Felten, Ari Feldman, and Alex Halderman of the Princeton Center for Information Technology Policy, titled:
Security Analysis of the Diebold AccuVote-TS Voting Machine. The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory-card to other machines of the same type.
The Diebold machine -- a tablet computer-based tabletop device -- saves program and vote information on standard Flash cards whose slots are secured by a locked metal cover. The video asserted that keys fitting these locks are easily duplicable, and that -- even lacking a key -- a member of Felten's team could routinely pick the locks in less than ten seconds; or gain access to the Flash card by removing six screws from the bottom of the machine and lifting its upper shroud away completely. Once access to the Flash card is gained, the card can be briefly removed, a virus-bearing card inserted, and power cycled -- loading the malicious code into memory. The original card is then re-inserted, exposing it to infection by the virus and making its contents vulnerable to change by viral code. Felten's team was, they assert, able to develop viral code that could "steal votes undetectably, modifying all records, logs and counters to be consistent with the fraudulent vote count it creates." And they were able to embed this functionality in viral envelopes that could propagate from machine to machine during normal pre- and post-election activities (e.g., periodic collection, backup and summary of vote-counts). By compromising just one machine, therefore, an attacker could conceiveably alter results for an entire electoral district, or in some situations, in even more far-reaching ways.
The Princeton team performed its study independently, using a machine obtained from a private party. In his executive summary to the paper, Felten notes that the current work extends and confirms assertions first made by Kohno, Stubblefield, Rubin (all of John's Hopkins) and Wallach (of Rice University) in their well-known 2003 paper Analysis of an Electronic Voting System, which concluded that Diebold machines failed to provide even the most minimal security standards applicable in other contexts (e.g., banking), and asserted that closed-source approaches to building such a device were intrinsically flawed. One of the leaders of that team, Dr. Aviel Rubin, just released a book on this subject, titled: Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting.
