Voting Machines Compromised in Election Simulation
Posted by Rebecca Bolin on Thursday, January 29 @ 17:51:52 EST
RABA Technologies, at the request of the state of Maryland, has issued a report about the state’s Diebold voting systems, ATM-style DRE terminals using smart cards for voter access. The report criticizes in detail the methodology and assumptions of other security audits and the vague security guidelines issued by the FEC, state, and NIST.
Eight security experts held a Red Team exercise on January 19, using a GEMS server and six AccuVote-TS terminals, replicating an election scenario with no prior knowledge of source code. As suggested by the earlier, Hopkins report, the team quickly guessed the hardcoded passwords to administrator and voter smart cards. At a cost of less than $750, they were able to reset voter cards to allow multiple votes with the same card and suggested similar abuses with forged supervisor and voter cards. All 32,000 statewide terminal locks are identical, and the team picked them in less than 10 seconds, allowing physical access to the PCMCIA bay, which contains cards for the modem and the ballot definitions and results. These cards could be tampered with, destroyed, or stolen for their valuable data. Attaching a keyboard to the terminals allowed resetting of all counters in the PCMCIA bay without an administrator card needed.
The server was missing over fifteen Microsoft security updates, and the team was able to use the flaws used by the “Blaster” worm. By using insecure USB ports or more secure CD drives, the team was able to modify results and databases “at will.” The report contains a more detailed analysis of these flaws, as well as many others. The responses of several groups are in the New York Times.
The RABA report demands immediate improvements for primaries and upcoming elections, including precinct specific passwords, tamper-resistant tape on secure locations, limits on administrator card and modem use, changing server accounts, and major software changes and updates for terminals and servers. RABA suggests that these improvements are mandatory to eliminate the need for voter-verified paper ballots, but that a paper record might still be needed.