Electronic Voting Systems Fail California’s Security Testing

July-29-07

 

On Friday, California released the results of the state’s extensive testing of electronic voting systems. State-sanctioned teams of computer specialists were able to break through the security of every model of voting machine and change results or take control of some of the systems' electronic functions.

 

Some county elections officials in the state voiced concerns about the study, saying they worry that they could be forced to junk millions of dollars in voting machines if the California Secretary of State decertifies them for the February election.

 

During her election campaign last year, Secretary of State Debra Bowen made it clear she had little confidence in the security of electronic voting machines and vowed to review their use in the state.

 

The review included voting equipment from every company certified for use in the state except one, Election Systems and Software. Major suppliers included in the study were Diebold Election Systems, Hart InterCivic, and Sequoia Voting Systems.

 

Election Systems and Software missed the deadline for submitting the equipment, so its systems were not included in the top-to-bottom testing.

 

The study was designed to discover vulnerabilities in the technology of voting systems used in the state. It did not deal with any physical security measures that counties might take and "made no assumptions about constraints on the attackers," Secretary of State Debra Bowen said in a telephone news conference Friday.

 

The review consisted of three parts, one of which involved a Red Team led by UC Davis computer scientist Matthew Bishop that was tasked with examining the systems for security vulnerabilities (see this PDF for a description of the Red Team's testing protocol).

The Red Team said it did not have enough time to fully examine the systems and was confident that further examination would reveal additional security vulnerabilities in the voting systems. The team reported that some but not all of the vulnerabilities found could be mitigated with proper physical security of the machines, security training of staff, and contingency planning.

 

Sample Vulnerabilities

 

Diebold voting system:

  • Testers penetrated the GEMS server system by exploiting vulnerabilities in the Windows operating system.

  • Able to bypass the physical controls on the AccuVote Optical Scanner using ordinary objects.

  • Numerous ways to overwrite the firmware in the AccuVote TSx and change vote totals.

  • Well-known static security key used by default.

  • Click here for details on Diebold security flaws

Sequoia Voting System:

  • Discovered numerous ways to overwrite the firmware of the Sequoia Edge system, including using malformed font files and doctored update cartridges.

  • Able to overwrite the boot loader and replace it with a malicious boot loader.

  • Malicious firmware can respond correctly to the pre-election testing and incorrectly to the voters on Election Day.

  • Testers were able to bypass the Sequoia WinEDS client controlling access to the election database, and access the database directly.

  • Presence of a shell-like interpreter.

  • Update cartridges and voter cards could be forged.

  • Click here for details on Sequoia security flaws

Hart InterCivic Voting System:

  • Discovered an undisclosed account on the Hart software that an attacker who penetrated the host operating system could exploit.

  • Testers were able to overwrite the eScan firmware, access menus that should have been locked, and alter vote totals using ordinary objects.

  • Team verified that the mobile ballot box (MBB) card can be altered during an election.

  • The testers were able to remotely capture the audio from a voting session, providing an attack that violates voter privacy.

  • The team was also able to force an eSlate to produce multiple barcodes after printing “BALLOT ACCEPTED”.

  • Click here for details on Hart InterCivic security flaws
