Electronic Voting Systems Fail California’s Security Testing
Between June and July of 2007, voting machines made by Diebold Voting Systems were put through extensive testing by the state of California. The 'Red Team' was composed of computer scientists, security experts and white-hat hackers, and was led by UC Davis computer scientist Matthew Bishop. The team was tasked with examining all electronic voter systems for security vulnerabilities. They were able to break through the security of virtually every model of California's voting machines and change results or take control of some of the systems' electronic functions.

There were multiple vulnerabilities in the Diebold system. A partial list of some of the security risks follows. The team's seventeen-page report is available in PDF format.

1. Election Management System. The testers were able to penetrate the GEMS server system by exploiting vulnerabilities in the Windows operating system as delivered and installed by Diebold. Once this access was obtained, they were able to bypass the GEMS server to access the data directly. Further, the testers were able to take security-related actions that the GEMS server did not record in its audit logs. Finally, with this level of access, the testers were able to manipulate several components networked to the GEMS server, including loading wireless drivers onto the GEMS server that could then be used to access a wireless device plugged surreptitiously into the back of the GEMS server.

2. Physical Security. The testers were able to bypass the physical controls on the AccuVote Optical Scanner (AV-OS) using ordinary objects. The attack caused the AV-OS unit to close the polls, meaning the machine could not tally ballots at the precinct or inform voters whether they had “over-voted” their ballot. Similarly, the testers were able to compromise the AccuVote TSx completely by bypassing the locks and other aspects of physical security using ordinary objects. They found an attack that will disable the printer used to produce the VVPAT in such a way that no reminders to check the printed record will be issued to voters.

3. AccuVote TSx. The testers found numerous ways to overwrite the firmware in the AccuVote TSx. These attacks could change vote totals, among other results. The testers were able to escalate privileges from those of a voter to those of a poll worker or central count administrator. This enabled them to reset an election, issue unauthorized voter cards, and close polls. No knowledge of the security keys was needed.

4. Security Keys for Cryptography. The testers discovered that a well-known static security key was used by default.