At the start of the month I reported that Diebold had all sorts of problems with their voting machines and that their H4x0r friendly voting systems had been comprehensively proven to be as secure as an open window or, as the discoverer describes it, "The design of the Diebold Precinct-Based Optical Scan 1.94w system is, in the author’s own view, more akin to 'a house with an unlockable revolving door.'" Thanks to the Inquirer, I now have a link to the report by Black Box Voting (BBV):
The Hursti Hack requires a moderate level of inside access. It is, however, accomplished without being given any password and with the same level of access given thousands of poll workers across the USA. It is a particularly dangerous exploit, because it changes votes in a one-step process that will not be detected in any normal canvassing procedure, it requires only a single credit-card sized memory card, any single individual with access to the memory cards can do it, and it requires only a small piece of equipment which can be purchased off the Internet for a few hundred dollars.
One thousand two hundred locations in the U.S. and Canada use Diebold voting machines. In each of these locations, typically three people have a high level of inside access. Temporary employees also often have brief access to loose memory cards as machines are being prepared for elections. Poll workers sometimes have a very high level of inside access. National elections utilize up to two million poll workers, with hundreds or thousands in a single jurisdiction.
Many locations in the U.S. ask poll workers to take voting machines home with them with the memory cards inside. San Diego County (Calif) sent 713 voting machines/memory cards home with poll workers for its July 26 election, and King County (Wash.) sent over 500 voting machines home with poll workers before its Nov. 8 election.
Memory cards are held in a compartment protected by a small plastic seal. However, these simple seals can be defeated, and Hursti has found evidence that the memory card can be reprogrammed without disturbing the seal by using a telephone modem port on the back of the machine.
To be honest, calling this report damning is to be kind. The fact that these machines are regularly sent out some days before elections to poll workers means that a hypothetical corrupt poll worker has (at the least) an entire evening to fiddle the system. Moreover, the hacks demonstrated in this are apparently just the tip of the iceberg, with the PDF report listing a whole series of possible avenues for additional memory card attacks as well as stating clearly:
Diebold voting systems contain a number of attack vectors. This report pertains to memory card attacks. Details on the following attack vectors are not included in this report, and they will be the focus of other reports:
Central Tabulator attacks: Black Box Voting and the film crew for Votergate.tv, with security experts Mr. Harri Hursti and Dr. Herbert Thompson, conducted field testing in Leon County, successfully penetrating the central tabulator to change vote data using a Visual Basic script. Dr. Thompson has also developed a similar attack using a Java script. The specific procedures used by Dr. Thompson and the scripts themselves, are not part of this report.
Remote Access attacks: The Diebold system is vulnerable to remote access attack, including, but not limited to, exploitation of proprietary protocols in the optical scan system and a variety of exploits with port/socket TCP/3032, which is activated from GEMS and seems not to have access lists limiting the hosts/clients connecting. The specific procedures involved with remote access attacks into the Diebold voting system are not part of this report. Remote access was not used during the field tests for this particular study.
Normally I am a firm believer that Occam's razor typically means that ignorance and/or incompetence is more likely to be the root cause of problems than malice, but given the glaring holes in this system I'm beginning to wonder whether it is possible to be this incompetent, although given that the target customers are government bureaucrats and politicians I guess that it could still be true.
What I think is a key question is why (and given that Diebold also makes ATMs it would seem to be particularly apt) is the security of these voting machines worse than the security of the machines we get money out of? After all, if a bank installed ATMs with the level of security that these machines had, they would be seeing customers reporting fake ATM withdrawals etc. about a week after they were first rolled out. A little bit of Google and reflection makes me wonder if possibly I am being a little too optimistic: this set of 1992 lecture notes by Ross Anderson shows just how bad ATM security has been in the past, and this recent paper is even more worrying. However, I think it is fair to say that even banks would consider the voting machine security to be laughable.