A "red team" review of the Diebold touch-screen electronic voting system

[Dave Farber <dave () farber net>]

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Fri, 30 Jan 2004 08:11:54 -0500
From: tim finin <finin () cs umbc edu>
Subject: A "red team" review of the Diebold touch-screen electronic voting
 system
To: dave () farber net

Maryland will use Diebold voting machines throughout
the state in the March 2 primary. The Baltimore
Sun has a front page story today reporting on the
results from a local security firm's "red team"
exercise to discover vulnerabilities.  Their
report is available at http://www.raba.com/text/press.html?id=9

--

Md. computer testers cast a vote: Election boxes
easy to mess with In Annapolis, tales of trickery,
vote rigging

By Stephanie Desmon, Sun Staff, January 30, 2004

http://www.sunspot.net/news/local/bal-te.md.machine30jan30,0,4050694.story?coll=bal-home-headlines

For a week, the computer whizzes laid abuse - both
high- and low-tech - on the six new
briefcase-sized electronic voting machines sent
over by the state.

One guy picked the locks protecting the internal
printers and memory cards. Another figured out how
to vote more than once - and get away with
it. Still another launched a dial-up attack, using
his modem to slither through an electronic hole in
the State Board of Elections software. Once
inside, he could easily change vote totals that
come in on Election Day.

"My guess is we've only scratched the surface,"
said Michael A. Wertheimer, who spent 21 years as
a cryptologic mathematician at the National
Security Agency.

He is now a director at RABA Technologies in
Columbia, the firm that the state hired for about
$75,000 to look at Maryland's new touch-screen
voting machines scheduled to be unveiled in nearly
every precinct in Maryland for the March 2
primary.

The state has no choice but to use its $55 million
worth of AccuVote-TS machines made by Diebold
Election Systems for the primary. The old optical
scanners are gone.

Yesterday, Wertheimer calmly presented his
eight-member team's findings to committees in the
House and Senate, explaining the weaknesses they
discovered and a plan for how to plug many of the
cracks, at least in the short run.

...

Sneaking in, via modem

Meanwhile, William A. Arbaugh, an assistant
computer science professor at the University of
Maryland, College Park and part of the team,
easily sneaked his way into the state's computers
by way of his modem. Once in, he had access to
change votes from actual precincts - because he
knew how to exploit holes in the Microsoft
software.

Those holes should have been patched through
regular updates sent to customers, patches that
haven't been installed on the elections equipment
since November.

"There's no security that's going to be 100
percent effective. But the level of effort [needed
to get into the system] was pretty low," Arbaugh
said. "A high school kid could do this. Right now,
the bar is maybe 8th grade. You want to raise the
bar to a well-funded adversary."

"Every system is vulnerable somehow," said Karl
Aro, director of the state's Department of
Legislative Services, who commissioned the study
for the legislature. "The system's not bad but it
needs some work."

No system is completely secure. In fact, the more
elections the state holds, the more opportunities
there will be for hackers to see how it works and
launch new attacks, experts said.

"If you had the time and the money, the sky's the
limit on what you could do to make a secure
system," McLarnon said.

"You just need to raise the level of effort needed
to exploit it so it's not feasible to do," said
fellow consultant John Ormonde.

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/