Saturday, May 13, 2006

Diebold Election Systems are truly holey!

I have been watching with interest the debate in the United States about the use of electronic voting systems during government elections. I personally believe that it is possible to have an electronic voting system that is a suitable replacement for the traditional paper-based methods, but the current system is a complete pig's ear.

For some reason, Diebold Election Systems was chosen as the preferred provider of the technology for the US Elections. Previous to this, the only systems that I associated with Diebold were the photocopier credit systems used at schools, universities and libraries, to allow you to pay for photocopies using your membership card. But it turns out that they also manufacture Automated Teller Machines and other self-service electronic kiosks. If the security of their ATMs is anything like the security of the voting systems, then banks have a lot to worry about.

Diebold were pulled up in July 2003, after it was discovered that encryption of the data collected by the systems was poor at best, and that voters could create their own smart cards, enabling them to vote more than once. And this was discovered after the voting software itself was released publicly on a Diebold website!

Then in September 2004, the state of California accused Diebold of using uncertified software on the machines. This resulted in a US$2.6 million settlement.

But even better than that is the latest debacle. A recent Slashdot article led me in the direction of this blog entry by Bruce Schneier, world-renowned computer security researcher. According to a recent report by Black Box Voting, the Diebold devices run a basic build of Microsoft Windows CE. While the details are sketchy, it would appear that the Diebold devices ship with Windows Plug'n'Play support enabled...

The devices have dual PCMCIA slots underneath the unit (indicated by B in the picture). The basic idea is that any voter with a PCMCIA memory card (or any other memory card with a PCMCIA adapter) can probably update the software on the machine at will, and remove the card without anybody knowing that the software was changed.

Or for a more sophisticated attack, voters can use a standard Philips head screwdriver to disassemble the unit, and install an MMC/SD card in the hidden, internal SD slot (located just above the CMOS battery in the picture). Again, this card could simply be a memory card, containing a custom application, or it could be an SD WiFi card, providing a way to remotely trigger an attack. An external inspection of the unit would not show any indication of this type of attack.

Or if all this sounds too easy, you can replace the entire bootloader on the machine with your own, by simply having a file with the appropriate name sitting on a removable memory card while the machine is booting up. Although there are integrity checks in the boot loader, it sounds like they are limited to checking the filename, the size of the file and possibly the file header.
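The gap between a name/size/header check and real image authentication, as an added example that is not code from the Diebold system or the Black Box Voting report. The file name, size, header and key are constructed, and HMAC-SHA256 stands in for the public-key signature a real boot chain would verify.

```python
import hashlib
import hmac

# All names and values here are constructed for illustration; none of them
# come from the Diebold firmware or the Black Box Voting report.
EXPECTED_NAME = "bootloader.img"   # hypothetical update file name
EXPECTED_SIZE = 64                 # hypothetical fixed image size in bytes
MAGIC = b"BOOT"                    # hypothetical 4-byte file header

def make_image(body: bytes) -> bytes:
    """Build a constructed sample image: header + body, zero-padded to size."""
    return (MAGIC + body).ljust(EXPECTED_SIZE, b"\x00")

def superficial_check(name: str, image: bytes) -> bool:
    """The kind of check the post describes: file name, size and header only."""
    return (name == EXPECTED_NAME
            and len(image) == EXPECTED_SIZE
            and image[:len(MAGIC)] == MAGIC)

def authenticated_check(name: str, image: bytes, tag: bytes, key: bytes) -> bool:
    """Superficial checks plus a keyed tag computed over every byte."""
    # Assumption: HMAC is a stand-in so the example needs only the standard
    # library; a real device would hold a public key, not a signing secret.
    if not superficial_check(name, image):
        return False
    expected = hmac.new(key, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def demo() -> dict:
    """Compare both checks on a released image and a same-size altered one."""
    key = b"constructed-demo-key"
    released = make_image(b"vendor code v1")
    tag = hmac.new(key, released, hashlib.sha256).digest()
    modified = make_image(b"altered code!!")   # same name, size and header
    return {
        "superficial_released": superficial_check(EXPECTED_NAME, released),
        "superficial_modified": superficial_check(EXPECTED_NAME, modified),
        "auth_released": authenticated_check(EXPECTED_NAME, released, tag, key),
        "auth_modified": authenticated_check(EXPECTED_NAME, modified, tag, key),
    }

if __name__ == "__main__":
    print(demo())
```

The altered image passes the superficial check because none of the checked properties depend on the code bytes; only the check that covers the whole image rejects it.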

My, my, so many choices! It sounds like even school kids and script kiddies could crack these things.
