Princeton Prof Claims Diebold Voting Machines Can Be Hacked - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IT Leadership // IT Strategy

Princeton Prof Claims Diebold Voting Machines Can Be Hacked

A team of researchers says it was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory card to other machines of the same type.

In his Wednesday evening keynote address on Security at SD Best Practices, Boston, Cigital's Gary McGraw discussed a paper and shared clips from a video demo released today by Edward Felten, Ari Feldman, and Alex Halderman of the Princeton Center for Information Technology Policy, titled: Security Analysis of the Diebold AccuVote-TS Voting Machine. The paper details a simple method whereby the Princeton team was able to compromise the physical security of a Diebold voting machine, infecting it with a virus that could change voting results and spread by memory-card to other machines of the same type.

The Diebold machine -- a tablet computer-based tabletop device -- saves program and vote information on standard Flash cards whose slots are secured by a locked metal cover. The video asserted that keys fitting these locks are easily duplicable, and that -- even lacking a key -- a member of Felten's team could routinely pick the locks in less than ten seconds; or gain access to the Flash card by removing six screws from the bottom of the machine and lifting its upper shroud away completely. Once access to the Flash card is gained, the card can be briefly removed, a virus-bearing card inserted, and power cycled -- loading the malicious code into memory. The original card is then re-inserted, exposing it to infection by the virus and making its contents vulnerable to change by viral code. Felten's team was, they assert, able to develop viral code that could "steal votes undetectably, modifying all records, logs and counters to be consistent with the fraudulent vote count it creates." And they were able to embed this functionality in viral envelopes that could propagate from machine to machine during normal pre- and post-election activities (e.g., periodic collection, backup and summary of vote-counts). By compromising just one machine, therefore, an attacker could conceiveably alter results for an entire electoral district, or in some situations, in even more far-reaching ways.

The Princeton team performed its study independently, using a machine obtained from a private party. In his executive summary to the paper, Felten notes that the current work extends and confirms assertions first made by Kohno, Stubblefield, Rubin (all of John's Hopkins) and Wallach (of Rice University) in their well-known 2003 paper Analysis of an Electronic Voting System, which concluded that Diebold machines failed to provide even the most minimal security standards applicable in other contexts (e.g., banking), and asserted that closed-source approaches to building such a device were intrinsically flawed. One of the leaders of that team, Dr. Aviel Rubin, just released a book on this subject, titled: Brave New Ballot: The Battle to Safeguard Democracy in the Age of Electronic Voting.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll