Sunday, August 05, 2007

Diebold voting machines are vulnerable to virus attacks

Following up on last week's article about university researchers hacking lots of different kinds of voting kiosks comes this news from PC World. Apparently some voting kiosks made by Diebold, (who has already been in hot water for the security (or lack thereof) of their systems) are prone to remote exploits by certain kinds of computer virus. From the article:
Diebold Election Systems Inc. voting machines are not secure enough
to guarantee a trustworthy election, and an attacker with access to a
single machine could disrupt or change the outcome of an election using
viruses, according to a review of Diebold's source code."

The software contains serious design flaws that have led directly to
specific vulnerabilities that attackers could exploit to affect
election outcomes," read the University of California at Berkeley
report, commissioned by the California Secretary of State as part of a
two-month "top-to-bottom" review of electronic voting systems certified
for use in California. The assessment of Diebold's source code revealed an attacker needs only limited access to compromise an election.

"An attack could plausibly be accomplished by a single skilled individual
with temporary access to a single voting machine. The damage could be
extensive -- malicious code could spread to every voting machine in
polling places and to county election servers," it said.

The full report indicated four main problem areas for the software, including insufficient means for preventing hackers from installing malware on the machines, inability to guarantee the secrecy of ballots, no way to prevent election workers from tampering with the machines (and the ballots cast on them), and susceptibility to computer virii (which, let's be honest, is going to be a big problem as long as these devices continue to run on a regular MS Windows operating system).


No comments: