Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Cloud Data Storage Security Hardware Linux

Man-In-the-Middle Remote Attack On Diebold Voting Machines 251

An anonymous reader tips news of a vulnerability discovered in the Diebold Accuvote voting system, which could be used to alter voting results without leaving evidence of tampering. Quoting Salon: "[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code. ... The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away. ... The video shows three different types of attack, each demonstrating how the intrusion developed by the team allows them to take complete control of the Diebold touch-screen voting machine. They were able to demonstrate a similar attack on a DRE system made by Sequoia Voting Systems as well."

This discussion has been archived. No new comments can be posted.

Man-In-the-Middle Remote Attack On Diebold Voting Machines

Comments Filter:
  • Re:Vote tracking (Score:3, Informative)

    by Anonymous Coward on Wednesday September 28, 2011 @05:47AM (#37537546)

    Sure, and allow the kind of MASSIVE voter-intimidation of Tammaney Hall in New York City that went on in the 19th Century? Secret ballot was brought in FOR A REASON!

    Go back to paper, it takes longer, but is better accountability.

  • by Sique ( 173459 ) on Wednesday September 28, 2011 @08:07AM (#37538150) Homepage

    Why "representatives from each of the parties"? Why not "who wants to attend can attend"?

    That's how it works for most elections anyway. If you want to watch the election, go to the voting hall and sit there. Watch the empty voting boxes being sealed. Watch the breaking fo the seal for the count. Watch the count. Watch the signing of the count sheet and the resealing of the voting boxes. Put your own seal on the boxes too, if you want. Accompagne the car transporting the voting boxes to the central voting office. etc.pp.

    If enough people do this in enough voting districts, large scale fraud is nearly impossible. That's how the people of the former communist East Germany were able to prove in court the voting fraud at least in the last "election"s in 1989 - enough people were at the voting halls, watched the procedure, and took notes of the results, compared them with the official results as announced the next day and found discrepancies.

  • by Anonymous Coward on Wednesday September 28, 2011 @10:52AM (#37539868)

    I've been a voting official; I attended the mandatory training and staffed a booth all day long for the last US presidential election.

    I'm also one of the people who has totally unrestricted, totally unsupervised access to dozens of voting machines.

    This has nothing to do with my status as a trained voting official; basically, I do volunteer maintenance work at local schools and Unitarian Universalist churches. Somebody has to show up at 2AM to fix busted pipes, you know - that somebody is usually me. And in order to distribute the voting machines to the polling places in time, they are generally left in locked rooms at schools and churches for several days.

    I have the keys. And even if I didn't have the keys, obviously I have the skills to get into locked rooms (since I wouldn't be much of a maintenance man if I couldn't get past a door with an inoperative lock). And nobody notices or cares if I'm at the school alone for five hours late at night, because that's something I do whenever it's necessary.

    My reality-based study of the subject convinces me that the current system is optimized for vote fraud. I could easily subvert a hundred machines in any election with near-zero chance of detection.

    Certainly, a paper-based system could also be optimized for corruption - you're absolutely right about that! The example of hiring for-profit companies to design and build machines that record votes by inadequately punching cards is a perfect case in point.

    But regardless of the efficacy of paper votes, the current generation of voting machines are fundamentally flawed and will never be capable of resisting any half-hearted attempt to subvert them. They are designed to be subverted, either intentionally or due to massive incompetence on the part of their designers.

    A voting machine needs to be totally open source, and use voter-verified write-only recording media. Every voter needs to be able to look at the vote that was permanently recorded at time of voting, or the system is trivially defeated. It doesn't matter if votes are recorded on paper, chiseled in stone, or spraypainted on the wall, what matters is that audit trails are not written to trivially rewritable media (magnetic or flash, for example) and that operational hardware and software designs are available to all enfranchised citizens for examination and review.

Thus spake the master programmer: "When a program is being tested, it is too late to make design changes." -- Geoffrey James, "The Tao of Programming"