Diebold AccuVote-TS Voting Machine Security.

N&P: Discussion of news headlines and politics.

Moderator: frigidmagi

Post Reply
User avatar
Comrade Tortoise
Exemplar
Posts: 4832
Joined: Thu Jun 09, 2005 1:33 am
19
Location: Land of steers and queers indeed
Contact:

#1 Diebold AccuVote-TS Voting Machine Security.

Post by Comrade Tortoise »

Dont read this before going to bed, you wont be able to sleep

http://itpolicy.princeton.edu/voting/summary.html

A full version can be found here

http://itpolicy.princeton.edu/voting/ts-paper.pdf

A DEMONSTRATION VIDEO can be found here

http://itpolicy.princeton.edu/voting/

and a rebuttal to Diebold's response can be found here

http://www.freedom-to-tinker.com/?p=1065

Have fun with the election fraud kids.
Security Analysis of the Diebold AccuVote-TS Voting Machine:
Executive Summary

Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten

For more information and the full text of this study, see http://itpolicy.princeton.edu/voting.

The Diebold AccuVote-TS and its newer relative the AccuVote-TSx are together the most widely deployed electronic voting platform in the United States. In the November 2006 general election, these machines are scheduled to be used in 357 counties representing nearly 10% of registered voters. Approximately half these counties — including all of Maryland and Georgia — will employ the AccuVote-TS model. More than 33,000 of the TS machines are in service nationwide.

This paper reports on our study of an AccuVote-TS, which we obtained from a private party. We analyzed the machine's hardware and software, performed experiments on it, and considered whether real election practices would leave it suitably secure. We found that the machine is vulnerable to a number of extremely serious attacks that undermine the accuracy and credibility of the vote counts it produces.

Computer scientists have generally been skeptical of voting systems of this type, Direct Recording Electronic (DRE), which are essentially general-purpose computers running specialized election software. Experience with computer systems of all kinds shows that it is exceedingly difficult to ensure the reliability and security of complex software or to detect and diagnose problems when they do occur. Yet DREs rely fundamentally on the correct and secure operation of complex software programs. Simply put, many computer scientists doubt that paperless DREs can be made reliable and secure, and they expect that any failures of such systems would likely go undetected.

Previous security studies of DREs affirm this skepticism, but to our knowledge ours is the first public study encompassing the hardware and software of a widely used DRE. The famous paper by Kohno, Stubblefield, Rubin, and Wallach studied a leaked version of the source code for parts of the Diebold AccuVote-TS software and found many design errors and vulnerabilities, which are generally confirmed by our study. Our study extends theirs by including the machine's hardware and operational details, by finding and describing several new and serious vulnerabilities, and by building working demonstrations of several security attacks.

Main Findings The main findings of our study are:

1. Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.

2. Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.

3. AccuVote-TS machines are susceptible to voting-machine viruses — computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.

4. While some of these problems can be eliminated by improving Diebold's software, others cannot be remedied without replacing the machines' hardware. Changes to election procedures would also be required to ensure security.
"Nothing in biology makes sense except in the light of evolution."
- Theodosius Dobzhansky

There is no word harsh enough for this. No verbal edge sharp and cold enough to set forth the flaying needed. English is to young and the elder languages of the earth beyond me. ~Frigid

The Holocaust was an Amazing Logistical Achievement~Havoc
User avatar
SirNitram
The All-Seeing Eye
Posts: 5178
Joined: Thu Jun 30, 2005 7:13 pm
19
Location: Behind you, duh!
Contact:

#2

Post by SirNitram »

Keys to hotel minifridges will open these suckers.

A conspiracy for fraud in 2004? I guess now it's one guy with a hotel room and a touch of programming experience. And this is being promoted to be what we should use everywhere.

Worst part? Diebold does better every day. These machines are either so cut-cost low it's stupid to beleive, or it's purposeful. Disgusting either way.
Half-Damned, All Hero.

Tev: You're happy. You're Plotting. You're Evil.
Me: Evil is so inappropriate. I'm ruthless.
Tev: You're turning me on.

I Am Rage. You Will Know My Fury.
Post Reply