Diebold/Premier Voting Machine Key Copied

By esoteric at 4:26 pm on February 7, 2008 | 3 Comments

Adding to the current furor of news surrounding the issue of electronic voting machines, an egregious mistake by American voting machine producer Diebold (now known as Premier Election Systems) has lead to heightened doubts concerning the integrity of electronic voting.

Diebold has a history of security mishaps dating back to 2003, when they posted the source code for their voting software on a public FTP site. The availability of this code led to the discovery of an exploit in 2004 that would allow for the manipulation of votes as they are tabulated at a central location.

In the company’s most recent debacle, the first major issue of note is that the same physical key can be used to open the locks on all of the touch-screen voting machines that Diebold produces. Secondly, Diebold unwittingly posted a picture of this key on their website on a page that described how replacement keys can be ordered by official account holders. Ross Kinard of sploitcast.com was able to construct several keys based on this image that proved to successfully unlock a test voting machine.

The implication of this security breach is that it is now much easier for an adversary to gain physical access to the innards of a voting machine and attack it by modifying the software via a flash drive or by altering the hardware. This could result in misappropriated votes or denial of service attacks where people’s votes are rendered useless.

Many policy makers are lobbying to make a return to paper ballots, which arguably have fewer undetectable vulnerabilities, but are more tedious to deal with. It is unclear whether electronic voting machines will continue to be used in future or not, but serious changes need to be made before they become even remotely secure. In addition, companies like Diebold/Premier rely on their reputations, and they must earn and maintain the trust of the public in order to be successful.

Youtube video of a homemade key opening the lock on a Diebold electronic voting machine:

http://youtube.com/watch?v=UfGvSJA20-Y

Filed under: Current Events,Integrity,Physical Security3 Comments »

3 Comments

  • 1
    Get your own gravatar for comments by visiting gravatar.com

    Comment by felixctc

    February 8, 2008 @ 10:56 am

    I think this brings up another issue also. People need to be aware of security vulnerability. For example, why in the world would you put the code on FTP and a picture of the key online. This is screaming “Please exploit me”. If they were more aware of the consequences, this wouldn’t have happened. As technology advances, people and companies need to learn the importance of security and how easy it is for adversaries to exploit vulnerabilities after given a little information.

  • 2
    Get your own gravatar for comments by visiting gravatar.com

    Comment by Kris Plunkett

    February 8, 2008 @ 5:26 pm

    Link to an article about this: http://www.bradblog.com/?p=4066#more-4066

  • 3
    Get your own gravatar for comments by visiting gravatar.com

    Comment by jerins

    February 9, 2008 @ 8:28 pm

    It seems interesting to me that most of the exploits and security issues that you see involve some variation of the victim simply handing access or control to the attacker. Many examples (such as this one) are unbelievable in how easy the job of the attacker is made. These issues can obviously have more or less of an impact depending on the situation, but I think it is clear that in the matter of voting machines, the impact is very high. Voting machines have been the target of an amazing amount of controversy, and the motivation of people to break or influence such systems is extremely high. So if we do in fact go to any sort of electronic voting option, it would be imperative that the security measures be of a standard much higher than is displayed in this example.

RSS feed for comments on this post