Man-In-the-Middle Remote Attack On Diebold Voting Machines

An anonymous reader tips news of a vulnerability discovered in the Diebold Accuvote voting system, which could be used to alter voting results without leaving evidence of tampering. Quoting Salon: "[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code. ... The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away. ... The video shows three different types of attack, each demonstrating how the intrusion developed by the team allows them to take complete control of the Diebold touch-screen voting machine. They were able to demonstrate a similar attack on a DRE system made by Sequoia Voting Systems as well."

Re:Well, good thing I didn't research this area.

[BenJury]

>The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. If you can do this, you're going to have no protection at all. Just like paper votes, if the people who run the voting stations are corrupt, then the system can be fiddled. This shouldn't come as a surprise.

Re:Well, good thing I didn't research this area.

[lammy]

The key point is SUPERVISION. Yes, the voting station staff might be corrupt, but if you have representatives from each of the parties with a stake in the election present during the entire voting and counting process, then sleight-of-hand becomes is much trickier. With a pencil-and-paper-based system, you need to distract a great number of people *on election day* (assuming the votes are counted immediately after polls close, as in the UK) in order to 'interfere' with the vote. With the electronic system, all you need is a moment alone with the machine, at basically any point after its manufacture, to make your modifications (whatever they may be - software/hardware - just preferably hard to trace) - and it suddenly doesn't matter how rigorous the supervision is, come election day. Human beings can't supervise at the electron level.

Re:Well, good thing I didn't research this area.

[neyla]

There is, infact, a simple, straightforward way of getting all the advantages of electronic voting, while preserving the advantages of paper-voting.

Have the voting-machine print your vote as the last step, then deposit this printed vote in a ballot-box the old-fashioned way.

To verify the vote, simply count the paper-ballots the old-fashioned way, and compare the result with the results from the electronic voting.

It isn't really needed to count all the votes: picking a small fraction of voting-places randomly and checking those, has a high probability of detecting systematic attempts at cheating nationwide.

Re:Without evidence of tampering?

[lammy]

"Without evidence of tampering" obviously refers to the state of the machines if the alien circuitry is removed before inspection. The attack does not require any wires to be cut or internal components to be destroyed or removed, which would leave physical evidence. You do have a point about the screen blanking, though. Although it only blanks for a split second and I guess most users could be led to believe that this was normal behaviour. Is it suspicious enough for the regular Joe election supervisor to call off the poll and open up the machine?

Man on the inside

[jamesl]

"[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code ...

No, all they needed was access to the machine's internals, modification of it's electronics and knowledge of how to "insert a piece of 'alien electronics' into a circuit board."

Once you give someone physical control of your machine, you have given someone control of your machine.

Re:Not very correct

[JWSmythe]

    What they're saying is that no soldering on the original hardware, nor replacement of any components is necessary. Some previous attacks required the removal of the storage media (compact flash, if I remember right).

    The unit they demonstrated simply requires unplugging two things, and putting their unit in between. After the election is complete, they'd simply need to access the units again, remove the component, and all is well.

    Most "void if broken" seals can be easily replicated. It's just a matter of getting a replacement seal in time. For the most part, people are dumb. If you do a good job of cleaning off the seal, they'd never notice it is missing.

Re:Well, good thing I didn't research this area.

[kevinNCSU]

what part of 'remote control from half a mile away' does supervision deter?

The part where you have to break the seals on the machine, take it completely apart, hook up circuitry to it, close it back up, and re-seal the now broken tamper-proof tape, let the election run, break back in, break the seals on the machine again, pull your electronics back out of the machine to eliminate evidence and then reseal the machine and fix the tamper-proof seals again.

Re:Well, good thing I didn't research this area.

[somersault]

The costs for simply counting the votes would be pretty small compared to setting up the rest of the election I'd imagine. Also, the costs (in more ways than just money) of letting crooked people get into power are massive.

Re:Well, good thing I didn't research this area.

[SwedishPenguin]

If you go in to e-voting expecting it to make elections cheaper, you're coming at it from the wrong perspective. If the goal of e-voting is not to make it more secure and accessible, then there's no point in doing it. Elections are a minimal cost in the scheme of things, and endangering their validity in order to save a few measly thousands-of-percent of the budget is insane.

Re:inserting the inexpensive electronic device

[Joce640k]

This is true for all nerdy arguments - if something isn't 100% perfect then it's obviously completely useless.

Usually we ignore the real world practicalities (I believe there's an XKCD cartoon about breaking 4096 bit encryption with a $5 wrench which illustrates this point nicely).

OTOH the Diebold contract should have been cancelled a long time ago and the people forbidden from ever working in security. They're seriously incompetent.

Me? I think electronic voting is basically flawed because information can be tampered with and leave no trace. I want something physical that can be audited later.

My plan:

I'd have the machines print out little cards with a plain text version of the votes on one side and QR codes printed on the other. You can check your vote is correct, fold it in half (it's pre-scored and has glue dots) so that only the QR codes are visible then drop it in the ballot box. The votes can be counted electronically and you have something physical which can be randomly sampled and/or audited later. Best of both worlds!

Re:inserting the inexpensive electronic device

[PopeRatzo]

Vulnerabilities in electronic votes are the equivalent of butterfly ballots and hanging chads. If only people had shown the same determination to find all possible modes of failure in the paper system used in the Florida 2000 election...

No. The extreme vulnerability in electronic voting is not the equivalent of hanging chads. It's the equivalent of powerful people having access to a simple method of rigging elections, as the Supreme Court and Citizens United wasn't enough.