Electronic Voting Systems Fail California’s Security Testing
Between June and July of 2007, voting machines made by Sequoia Voting Systems were put through extensive testing by the state of California. The 'Red Team' was composed of computer scientists, security experts and white-hat hackers and led by UC Davis computer scientist Matthew Bishop. The team was tasked with examining all electronic voter systems for security vulnerabilities. They were able to break through the security of virtually every model of California's voting machines and change results or take control of some of the systems' electronic functions.

There were multiple vulnerabilities in the Sequoia system. A partial list of some of the security risks follows. The team's thirteen-page report is available in PDF format.

2. Overwriting Firmware. The testers discovered numerous ways to overwrite the firmware of the Sequoia Edge system, using (for example) malformed font files and doctored update cartridges. The general approach was to write a program into memory and use that to write the corrupt firmware onto disk. At the next reboot, the boot loader loaded the malicious firmware. At this point, the attackers controlled the machine, and could manipulate the results of the election. No source code access was required or used for this attack, and a feature of the proprietary operating system on the Edge made the attack easier than if a commercial operating system had been used.

3. Overwriting the Boot Loader. Just as the testers could overwrite firmware on the disk, they could overwrite the boot loader and replace it with a malicious boot loader. This program could then corrupt anything it loaded, including previously uncorrupted firmware.

4. Detecting Election Mode. The firmware can determine whether the system is in test mode (LAT) or not. This means malicious firmware can respond correctly to the pre-election testing and incorrectly to the voters on Election Day.

5. Election Management System. The testers were able to bypass the Sequoia WinEDS client controlling access to the election database, and access the database directly. They were able to execute system commands on the host computer with access only to the database. Further, the testers were able to exploit the use of the autorun feature to insert a malicious program onto the system running the Sequoia WinEDS client; this program would be able to detect the insertion of an election cartridge and configure it to launch the above attacks when inserted into an Edge.

6. Presence of an Interpreter. A shell-like scripting language interpreted by the Edge includes commands that set the protective counter, set the machine’s serial number, modify the firmware, and modify the audit trail.

7. Forging Materials. Both the update cartridges and voter cards could be forged.