Man-In-the-Middle Remote Attack On Diebold Voting Machines

Soulskill posted more than 2 years ago | from the some-things-never-change dept.

Cloud 251

An anonymous reader tips news of a vulnerability discovered in the Diebold Accuvote voting system, which could be used to alter voting results without leaving evidence of tampering. Quoting Salon: "[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code. ... The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away. ... The video shows three different types of attack, each demonstrating how the intrusion developed by the team allows them to take complete control of the Diebold touch-screen voting machine. They were able to demonstrate a similar attack on a DRE system made by Sequoia Voting Systems as well."

251 comments

Well, good thing I didn't research this area. (1)

MrCrassic (994046) | more than 2 years ago | (#37537440)

(a) First post! (b) I was going to do research into voting protocols as a senior design project. I'm convinced that there is no truly, 100% secure way of implementing this, unfortunately. I wish there was, though.

Re:Well, good thing I didn't research this area. (2, Insightful)

BenJury (977929) | more than 2 years ago | (#37537476)

> The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine.

If you can do this, you're going to have no protection at all. Just like paper votes, if the people who run the voting stations are corrupt, then the system can be fiddled. This shouldn't come as a surprise.

Re:Well, good thing I didn't research this area. (5, Insightful)

lammy (1557325) | more than 2 years ago | (#37537602)

The key point is SUPERVISION. Yes, the voting station staff might be corrupt, but if you have representatives from each of the parties with a stake in the election present during the entire voting and counting process, then sleight-of-hand becomes much trickier. With a pencil-and-paper-based system, you need to distract a great number of people *on election day* (assuming the votes are counted immediately after polls close, as in the UK) in order to 'interfere' with the vote. With the electronic system, all you need is a moment alone with the machine, at basically any point after its manufacture, to make your modifications (whatever they may be - software/hardware - just preferably hard to trace) - and it suddenly doesn't matter how rigorous the supervision is, come election day. Human beings can't supervise at the electron level.

Re:Well, good thing I didn't research this area. (0)

Anonymous Coward | more than 2 years ago | (#37537944)

what part of 'remote control from half a mile away' does supervision deter?

Re:Well, good thing I didn't research this area. (4, Insightful)

kevinNCSU (1531307) | more than 2 years ago | (#37538084)

> what part of 'remote control from half a mile away' does supervision deter?

The part where you have to break the seals on the machine, take it completely apart, hook up circuitry to it, close it back up, and re-seal the now broken tamper-proof tape, let the election run, break back in, break the seals on the machine again, pull your electronics back out of the machine to eliminate evidence and then reseal the machine and fix the tamper-proof seals again.

inserting the inexpensive electronic device (1)

mangu (126918) | more than 2 years ago | (#37538040)

> With a pencil-and-paper-based system, you need to distract a great number of people *on election day*

Hmmm, wrong! Your rose-tinted-glasses view of paper votes clashes with reality [google.com].

As long as you can raise doubt about the accuracy of votes you can request a recount. Good luck with keeping supervision on all ballot boxes for all time after the election until the last recount is done.

I can't understand how slashdotters keep raising the same theoretical objections to electronic voting while they disregard the observed facts. Guys, this is religion! Slashdot dogma says electronic voting is bad, paper voting is perfect. This is stupid.

I'm all for researching possible attacks on electronic ballots, but as a means to perfect the system, not as an argument to pretend there are no possible ways to improve it. So, is there a way to insert an "inexpensive electronic device" into a ballot? Simple solution, remove all unused connectors from the circuit boards. For every vulnerability there's a solution.

Vulnerabilities in electronic votes are the equivalent of butterfly ballots and hanging chads. If only people had shown the same determination to find all possible modes of failure in the paper system used in the Florida 2000 election...

Re:inserting the inexpensive electronic device (2)

Sique (173459) | more than 2 years ago | (#37538184)

I have to correct you, but actually it's possible to supervise all voting boxes until the last recount is done. If you understand any German (or the English your favourite online translator generates from German), you might have a look at Voting Fraud of Dachau [wikipedia.org] to see it in action.

Re:inserting the inexpensive electronic device (4, Insightful)

Joce640k (829181) | more than 2 years ago | (#37538306)

This is true for all nerdy arguments - if something isn't 100% perfect then it's obviously completely useless.

Usually we ignore the real world practicalities (I believe there's an XKCD cartoon about breaking 4096 bit encryption with a $5 wrench which illustrates this point nicely).

OTOH the Diebold contract should have been cancelled a long time ago and the people forbidden from ever working in security. They're seriously incompetent.

Me? I think electronic voting is basically flawed because information can be tampered with and leave no trace. I want something physical that can be audited later.

My plan:

I'd have the machines print out little cards with a plain text version of the votes on one side and QR codes printed on the other. You can check your vote is correct, fold it in half (it's pre-scored and has glue dots) so that only the QR codes are visible then drop it in the ballot box. The votes can be counted electronically and you have something physical which can be randomly sampled and/or audited later. Best of both worlds!

Re:inserting the inexpensive electronic device (0)

Anonymous Coward | more than 2 years ago | (#37538940)

The visible QR codes obviously allow vote verification and thus vote selling and/or coercion; the QR code needs to be on the inside of the fold as well.

However, having the counting staff open the votes and pass the QR codes under a scanner that will display the vote on screen allows them to very quickly compare the electronic result vs the plaintext (no need to even be careful about that except for maybe one in 20 or so ballots, in general visual mismatch in text is very easy to spot without even thinking about it).

Re:inserting the inexpensive electronic device (1)

Fnord666 (889225) | more than 2 years ago | (#37539114)

> This is true for all nerdy arguments - if something isn't 100% perfect then it's obviously completely useless.

Of course, but then we do tend to think in binary.

Re:inserting the inexpensive electronic device (3, Insightful)

PopeRatzo (965947) | more than 2 years ago | (#37538346)

> Vulnerabilities in electronic votes are the equivalent of butterfly ballots and hanging chads. If only people had shown the same determination to find all possible modes of failure in the paper system used in the Florida 2000 election...

No. The extreme vulnerability in electronic voting is not the equivalent of hanging chads. It's the equivalent of powerful people having access to a simple method of rigging elections, as the Supreme Court and Citizens United wasn't enough.

Re:inserting the inexpensive electronic device (0)

Anonymous Coward | more than 2 years ago | (#37538458)

> No. The extreme vulnerability in electronic voting is not the equivalent of hanging chads. It's the equivalent of powerful people having access to a simple method of rigging elections

That's a good point.

> as the Supreme Court and Citizens United wasn't enough.

And now you just ruined it with your tinfoil hat.

Re:inserting the inexpensive electronic device (2)

SlippyToad (240532) | more than 2 years ago | (#37538500)

> And now you just ruined it with your tinfoil hat.

Citizens United is a real SCOTUS ruling which effectively removes any and all campaign finance reform rules and leaves US elections a massive, no-rules free for all. What part of that solid, indisputable fact do you fucking think is "tinfoil hat" worthy?

Re:inserting the inexpensive electronic device (1)

Entrope (68843) | more than 2 years ago | (#37539124)

The part where you totally misrepresent what the Citizens United ruling does. (It allows corporations to spend money on campaign ads, rather than requiring them to create a PAC to spend the money. It does not allow them to donate to election campaigns, it does not allow any new kinds of coordination between corporations and election campaigns, it does not change any donation limits, and it does not reduce any disclosure requirements.)

Of course, you are in good company -- the President of the United States is (or was) apparently almost as deluded as you are about what the ruling says.

Re:inserting the inexpensive electronic device (2)

tbannist (230135) | more than 2 years ago | (#37538566)

The Supreme Court did prevent a recount from occurring and thus changed the results of the Presidential Election in 2000. You may want to spend some time considering how the world might be different if instead of playing politics they had simply ruled that all ballots in Florida must be recounted as an equal protection measure. Would the war in Iraq have happened? Would the financial crash in 2008? We will never know, but the Supreme Court bears partial responsibility for both disasters now since they clearly chose to decide along political lines instead of legal ones and thus tampered with the will of the people.

It's never a good sign when the legal system is picking the political leaders in a supposed democracy (democratic republic for the ignorant mouth-breathing pedants).

Re:inserting the inexpensive electronic device (-1, Troll)

Anonymous Coward | more than 2 years ago | (#37538754)

> The Supreme Court did prevent a recount from occurring and thus changed the results of the Presidential Election in 2000

WRONG! The Florida Supreme Court allowed several recounts with several "variations" of the rules. The Gore people kept coming back over and over and over again asking for more and more rule changes such as, "If a chad is hanging by one thread, it's a vote for Gore" or "If the voter voted for more than one candidate, and one of them being Gore, it's a vote for Gore" or "If the chad for Gore's slot is dented (dimpled), then it's a vote for Gore." It was obvious that the Gore camp was going to continue asking for recounts and rule changes until they found the perfect rule set that would seal a Gore victory.

The Supreme Court ruled that the state of Florida may not have one set of rules for one district, and a different set of rules for another district. This included the amount of scrutiny each ballot received. If one county was to spend weeks investigating each and every ballot, then all counties would have to spend an equal amount of time on each of their ballots. It's called "Equal Protection Under the Law" and it's in the Constitution. Before the Supreme Court decision, the Republicans offered a statewide recount with every county given the same scrutiny as the few Democratic counties being recounted, but the Democrats refused the offer knowing that the few extra votes they could squeeze from Broward County and the Miami-Dade area would be negated by the extra votes squeezed from Little Havana and the Panhandle.

Also, several independent statewide recounts were held and when reasonable rules were applied, Bush won Florida every time. Then again, if you still don't believe the fact that Bush won Florida by now, then no amount of truth will change your mind.

Re:Well, good thing I didn't research this area. (3, Informative)

Sique (173459) | more than 2 years ago | (#37538150)

Why "representatives from each of the parties"? Why not "who wants to attend can attend"?

That's how it works for most elections anyway. If you want to watch the election, go to the voting hall and sit there. Watch the empty voting boxes being sealed. Watch the breaking of the seal for the count. Watch the count. Watch the signing of the count sheet and the resealing of the voting boxes. Put your own seal on the boxes too, if you want. Accompany the car transporting the voting boxes to the central voting office. etc.pp.

If enough people do this in enough voting districts, large scale fraud is nearly impossible. That's how the people of the former communist East Germany were able to prove in court the voting fraud at least in the last "election"s in 1989 - enough people were at the voting halls, watched the procedure, and took notes of the results, compared them with the official results as announced the next day and found discrepancies.

Re:Well, good thing I didn't research this area. (-1)

Anonymous Coward | more than 2 years ago | (#37537482)

> (a) First post!

If you'd stopped there then you'd be a winner. Unfortunately the rest of your post has too much relevance to the article to count as a true first post. Also, a couple of typos would have helped. Try: Stirf Sopt.

Re:Well, good thing I didn't research this area. (4, Insightful)

neyla (2455118) | more than 2 years ago | (#37537616)

There is, in fact, a simple, straightforward way of getting all the advantages of electronic voting, while preserving the advantages of paper-voting.

Have the voting-machine print your vote as the last step, then deposit this printed vote in a ballot-box the old-fashioned way.

To verify the vote, simply count the paper-ballots the old-fashioned way, and compare the result with the results from the electronic voting.

It isn't really needed to count all the votes: picking a small fraction of voting-places randomly and checking those, has a high probability of detecting systematic attempts at cheating nationwide.
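The sampling claim in the comment above can be put in numbers. The following is an added example, not part of the original comment; it assumes that hand-counting a sampled precinct always exposes tampering there, and the precinct count, margin and per-precinct cap are constructed figures.

```python
"""Added illustration: how likely a random precinct audit is to catch tampering."""
from math import comb
import random


def min_tampered_precincts(margin_votes, max_flips_per_precinct):
    """Fewest precincts that must be altered to reverse the reported result.

    Moving one vote from the leader to the runner-up closes the margin by 2,
    so reversing a margin M takes M // 2 + 1 flipped votes.
    """
    flips_needed = margin_votes // 2 + 1
    return -(-flips_needed // max_flips_per_precinct)  # ceiling division


def detection_probability(total, tampered, sampled):
    """P(a uniform sample without replacement contains >= 1 tampered precinct)."""
    if not (0 <= tampered <= total and 0 <= sampled <= total):
        raise ValueError("tampered and sampled must lie in [0, total]")
    # Hypergeometric: probability that every sampled precinct is clean.
    all_clean = comb(total - tampered, sampled) / comb(total, sampled)
    return 1.0 - all_clean


def min_sample_size(total, tampered, confidence):
    """Smallest sample whose detection probability reaches `confidence`."""
    for k in range(total + 1):
        if detection_probability(total, tampered, k) >= confidence:
            return k
    return None  # unreachable when tampered >= 1; no sample detects tampered == 0


def simulate(total, tampered, sampled, trials, seed):
    """Monte Carlo cross-check of detection_probability."""
    rng = random.Random(seed)
    bad = set(range(tampered))  # which precincts are altered does not matter
    hits = sum(
        1 for _ in range(trials)
        if bad.intersection(rng.sample(range(total), sampled))
    )
    return hits / trials


if __name__ == "__main__":
    # Constructed scenario: 5000 precincts, reported margin of 40,000 votes,
    # and at most 200 flipped votes per precinct before it looks anomalous.
    total = 5000
    need = min_tampered_precincts(40_000, 200)
    print("precincts that must be altered:", need)
    for sampled in (50, 150, 250):
        p = detection_probability(total, need, sampled)
        print(f"audit {sampled:4d} precincts -> P(detect) = {p:.4f}")
    print("sample for 99% confidence:", min_sample_size(total, need, 0.99))
    print("simulated, 150 sampled:", simulate(total, need, 150, 2000, seed=1))
```

The same functions show the limit of the approach: with a single altered precinct, auditing 3% of precincts detects it only 3% of the time, so small samples protect against wide tampering, not narrow tampering.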

Re:Well, good thing I didn't research this area. (1)

GoodNewsJimDotCom (2244874) | more than 2 years ago | (#37537698)

EXACTLY! There *needs* to be a paper trail. This is why I voted "Protest E-Vote" in the 2008 election. I'm a concerned citizen who protests the use of electronic voting machines irresponsibly.

Re:Well, good thing I didn't research this area. (1)

SwedishPenguin (1035756) | more than 2 years ago | (#37537758)

I agreed up until the last sentence... All votes should be manually counted regardless of how "close" or "non-suspicious" the results are. It's not particularly hard, we usually manage to count 100% of the votes in the precincts by early morning after, and 99.9% by late night. The votes are then counted again centrally in each county to officially certify the count and the election.

Re:Well, good thing I didn't research this area. (1)

GoodNewsJimDotCom (2244874) | more than 2 years ago | (#37537810)

Ok, maybe I agree with you. I was just thinking there was a cost associated with counting votes by hand. In order to alleviate these costs, we could do random verification of results similar to the verification system on patched video games. I mean it'd be pretty crazy hard to "hack what you can" on the machines then somehow be able to also coordinate with the verification. The only way you could do that would be an inside job... Ok, yah, count the paper trail votes by hand :)

Re:Well, good thing I didn't research this area. (0)

Anonymous Coward | more than 2 years ago | (#37537962)

We are too obsessed with reducing immediate monetary costs. Other costs, of which the translation to money isn't directly obvious, are important too. It's quite all right to keep spending some extra money if that helps to safeguard the integrity of democracy.

Re:Well, good thing I didn't research this area. (3, Insightful)

somersault (912633) | more than 2 years ago | (#37538176)

The costs for simply counting the votes would be pretty small compared to setting up the rest of the election I'd imagine. Also, the costs (in more ways than just money) of letting crooked people get into power are massive.

Re:Well, good thing I didn't research this area. (1)

CastrTroy (595695) | more than 2 years ago | (#37538516)

Exactly. The cost of using paper votes and counting by hand is vastly cheaper than using machines. Even if you have to pay the people who count. Not to mention all the other problems with using machines such as machines breaking down, or not having enough machines to handle all the voters because of their high cost. In Canada, we use cardboard resting on a table as our voting booth. Elections are usually held at schools, so the tables are there and available anyway. Counting is done at each polling station, usually within a few hours after closing. Votes are counted so fast they had to create a law against reporting results in the east before the polls were closed in the west.

Re:Well, good thing I didn't research this area. (1)

thegarbz (1787294) | more than 2 years ago | (#37538092)

So why not reduce the very expensive middleman and eliminate electronic voting altogether?

e-voting was supposed to replace manual counting. If you can't do that then there's no point in spending millions on e-voting machines.

Re:Well, good thing I didn't research this area. (3, Insightful)

SwedishPenguin (1035756) | more than 2 years ago | (#37538188)

If you go in to e-voting expecting it to make elections cheaper, you're coming at it from the wrong perspective. If the goal of e-voting is not to make it more secure and accessible, then there's no point in doing it. Elections are a minimal cost in the scheme of things, and endangering their validity in order to save a few measly thousands-of-percent of the budget is insane.

Re:Well, good thing I didn't research this area. (1)

gtbritishskull (1435843) | more than 2 years ago | (#37538208)

In theory electronic voting would be more reliable and less open to interpretation than paper voting. I would be fine counting votes by hand until people were confident that the electronic voting machines were actually accurate.

Re:Well, good thing I didn't research this area. (1)

JasterBobaMereel (1102861) | more than 2 years ago | (#37538398)

Voting machines can never be trusted... unless the manufacturer and everyone who works for them, and everyone at the polling station is unbiased ... which they cannot be

A voting machine that prints out, you check and then put in a box in the old-fashioned way, stops spoilt papers and unclear intentions, and is easily verified
No purely electronic voting machine can be as open and verifiable as this ...?

Re:Well, good thing I didn't research this area. (1)

he-sk (103163) | more than 2 years ago | (#37538454)

The _hypothesis_ that electronic voting is somehow less open to interpretation has been thoroughly disproven by reality in the last decade. It can also be shown to be theoretically false very easily: The integrity of the manual hand count stems from the fact that any idiot^W^W the average voter can monitor the process and be reasonably sure that no tampering occurred. An electronic voting machine^W^W^W general purpose computer is completely opaque in that regard. Ken Thompson showed 25 years ago that even an expert cannot be sure that there's no tampering unless he built the entire system from scratch (including the hardware).

Re:Well, good thing I didn't research this area. (1)

cavreader (1903280) | more than 2 years ago | (#37538672)

Why don't we just throw all the candidates' names into a hat and randomly draw the winners? The results can't be any worse than the current system produces and it would be a hell of a lot cheaper and faster.

Re:Well, good thing I didn't research this area. (1)

Joce640k (829181) | more than 2 years ago | (#37538332)

So....what we need is e-counting?

See my plan a bit further up ^^

Re:Well, good thing I didn't research this area. (1)

JasterBobaMereel (1102861) | more than 2 years ago | (#37538368)

E-voting with a print out as the last option stops spoilt papers (well unless you are using old hanging chad machines) and can speed up counting as there are no longer any unclear choices

E-voting where everything is kept electronically is always suspect, and always open to fraud/hacking etc ...

Re:Well, good thing I didn't research this area. (1)

ashvin213 (1602795) | more than 2 years ago | (#37537876)

This can be done without the paper part of it. Every voter registers his email address with the election council. At the last step, instead of paper print, you send out an email with a secret code associated with that email. Now all news channels/NGOs/Etc conduct exit polls as before and your voter can go and enter the secret code/email address to each one of those exit polls. If all the exit polls match closely with the election results then we can assume that the voting machine is fair. Also, since the voting results are with a huge section of the society [i.e., the media], it is more difficult than paper machines to tamper the results.

Re:Well, good thing I didn't research this area. (1)

somersault (912633) | more than 2 years ago | (#37538196)

That gets rid of the anonymity of voting. Some people care about that kind of thing.

(I'm indifferent - I wouldn't mind my vote being traceable back to me, but then I don't live under an especially oppressive regime, and even if I were to vote I wouldn't be voting for the BNP or anything like that)

Re:Well, good thing I didn't research this area. (1)

drinkypoo (153816) | more than 2 years ago | (#37538442)

What anonymity of voting? ISTR the ballot being handed to me by someone who knew who I was.

Re:Well, good thing I didn't research this area. (1)

somersault (912633) | more than 2 years ago | (#37538670)

Did he get to see who you voted for?

Re:Well, good thing I didn't research this area. (2)

John Bresnahan (638668) | more than 2 years ago | (#37538244)

Really dumb idea.

Not everyone has an email address. And, I'm sure that the people without email addresses are predominately from the lower economic stratum. So, that's one source for bias in your exit polling idea.

Also, the vast majority of people wouldn't bother registering for this exit poll, so it would take a relatively small effort to get the supporters of one side to disproportionally register, leading to an inaccurate exit poll.

Finally, anyone in a position to capture these email messages with the special code could sell them to the highest bidder.

Your idea would do nothing to make an exit poll more accurate, but it would throw valid elections into doubt.

Re:Well, good thing I didn't research this area. (2)

dkleinsc (563838) | more than 2 years ago | (#37538298)

> Every voter registers his email address with the election council.

There's your first problem. Not all voters have access to a computer, and many don't have an email address.

> At the last step, instead of paper print, you send out an email with a secret code associated with that email.

Which, since email is plaintext, can be intercepted.

> Now all news channels/NGOs/Etc conduct exit polls as before and your voter can go and enter the secret code/email address to each one of those exit polls

If a voter can demonstrate their individual vote at any location other than the polling place, then their vote can be bought or coerced. Imagine, say, an employer saying "Vote against this business tax increase if you want to keep your job."

Re:Well, good thing I didn't research this area. (1)

Joce640k (829181) | more than 2 years ago | (#37538382)

Questions: How would you ensure all the emails arrive without being tampered with during transit? What about people who haven't got email? How do you know the software inside the machines is OK? Why bother with electronic exit polls, why not just ask them?

Bottom line: You can *never* do it 100% electronically. Information and software are just too easy to manipulate (and it leaves no trace).

Re:Well, good thing I didn't research this area. (0)

Anonymous Coward | more than 2 years ago | (#37537922)

It helps, but trojan attacks have been demonstrated against this sort of system too. One technique used was voiding votes and re-casting them after the voter leaves the booth (since this system showed them their paper vote and gave them a final chance to cancel it, i.e. it could wind the paper tape back.)

Re:Well, good thing I didn't research this area. (1)

buchanmilne (258619) | more than 2 years ago | (#37538016)

> Have the voting-machine print your vote as the last step, then deposit this printed vote in a ballot-box the old-fashioned way.

They showed that it is possible to control the printer as well, so then it would depend on what is printed by the printer, and whether voters would notice.

Re:Well, good thing I didn't research this area. (2)

gtbritishskull (1435843) | more than 2 years ago | (#37538222)

If you recounted the paper votes and it was different than the electronic tally, then it would be very clear very quickly that something was wrong.

Re:Well, good thing I didn't research this area. (1)

Joce640k (829181) | more than 2 years ago | (#37538420)

Put a sign up - "Check your card!"

Not everybody would check but it only takes a couple of observant voters to bring the whole election down. If that's your plan for winning the election then it's not a very good one...

Re:Well, good thing I didn't research this area. (1)

elsurexiste (1758620) | more than 2 years ago | (#37538226)

> To verify the vote, simply count the paper-ballots the old-fashioned way, and compare the result with the results from the electronic voting.

Let's assume they don't match... What happens then? That's the problem with having two controls: you prefer one over the other, so you'll pay twice for the same information.

Re:Well, good thing I didn't research this area. (1)

nedlohs (1335013) | more than 2 years ago | (#37539036)

Then you work out if it's just a minor error in one, or if there's a systemic issue and you need to redo the entire election.

You also find and execute the people who tried to rig the election if it was intentional.

You don't have two controls so that you can choose one over the other. You have two controls so that if they are different you know something has screwed up. Once you know something is broken you can work out how to fix it. If you don't know in the first place it's a tad more difficult to fix.

Re:Well, good thing I didn't research this area. (1)

Jazari (2006634) | more than 2 years ago | (#37538596)

> There is, in fact, a simple, straightforward way of getting all the advantages of electronic voting, while preserving the advantages of paper-voting.

> Have the voting-machine print your vote as the last step, then deposit this printed vote in a ballot-box the old-fashioned way.

I like this idea, but it raises a problem: what happens when, inevitably, some people say "I voted X but the paper says Y" on election day? Are election staff supposed to disable that machine? Should they ignore the first 1% or 0.1% of complaints? Do people get to cancel their vote? Which vote will have priority, paper or electronic?

I'm partial to the system used in Canada: fill-in-the-bubble paper ballots (like multiple choice exams). This gives a clear paper trail, and can be counted by machines if you want to go faster.

Re:Well, good thing I didn't research this area. (1)

errandum (2014454) | more than 2 years ago | (#37537662)

Encryption and a two-factor authentication system should allow you to do this.

Re:Well, good thing I didn't research this area. (0)

Anonymous Coward | more than 2 years ago | (#37537796)

Bingo.

Buzzword Bingo, that is.

Re:Well, good thing I didn't research this area. (2)

icebraining (1313345) | more than 2 years ago | (#37537824)

Encryption and authentication, performed by who? The machine? That can be broken if you have access to the machine, like in this case.

One could give personal certificates (in the form of a smart card, for example) to voters and require each vote to be signed using it, so votes would be impossible to forge, but that eliminates the anonymity of the process.

Re:Well, good thing I didn't research this area. (1)

Joce640k (829181) | more than 2 years ago | (#37538444)

> Encryption and a two-factor authentication system should allow you to do this.

Sure, so long as you can trust the software inside the machines...

Re:Well, good thing I didn't research this area. (0)

Anonymous Coward | more than 2 years ago | (#37537814)

> (a) First post!

And there goes any chance of being taken seriously...

> (b) I was going to do research into voting protocols as a senior design project.

Going to? Well I guess it's nice you admit to talking out of your backside, sort of like all those vox populi that start with the words "As a mother,".

> I'm convinced that there is no truly, 100% secure way of implementing this, unfortunately. I wish there was, though.

How would you know if you didn't bother to do the research? In any case, if you hadn't heard of two-factor authentication or security tokens by your "senior" year then your degree patently isn't worth the paper it's printed on.

Re:Well, good thing I didn't research this area. (1)

spottedkangaroo (451692) | more than 2 years ago | (#37538162)

It seems to me that if each voter had a few bits of crypto they could roll in to the vote then they could later verify that their vote was counted correctly. You could aggregate the vote up as you go, so it's not like you'd need to roll the 500 million sigs into the national vote. Verify that you were included in your district, compare the fingerprint to the one included at the national level. There's tons of details I haven't thought of, obviously, but I think this could be made to work. Most people would not check to make sure their vote was counted correctly, but many would and that would be enough.

In short: leave the trust in the hands of the people and make the vote workers simply stewards of the crypto pile.
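The aggregation sketched in the comment above (check that your record is in the district total, then that the district's fingerprint is in the national total) maps onto a two-level hash tree. The following is an added example, not part of the original comment; the record format, function names and sample districts are constructed assumptions.

```python
"""Added illustration: two-level Merkle inclusion check for ballot records."""
import hashlib


def _h(data):
    return hashlib.sha256(data).digest()


def leaf_hash(record):
    return _h(b"\x00" + record)        # 0x00 prefix: leaf, never confusable with a node


def node_hash(left, right):
    return _h(b"\x01" + left + right)  # 0x01 prefix: interior node


def build_levels(leaves):
    """Return every tree level; levels[0] are leaf hashes, levels[-1] is [root]."""
    if not leaves:
        raise ValueError("cannot build a tree with no leaves")
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur, nxt = levels[-1], []
        for i in range(0, len(cur), 2):
            if i + 1 < len(cur):
                nxt.append(node_hash(cur[i], cur[i + 1]))
            else:
                nxt.append(cur[i])     # odd node is promoted, not duplicated
        levels.append(nxt)
    return levels


def inclusion_proof(levels, index):
    """Sibling hashes from leaf to root as (hash, sibling_is_left) pairs."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):       # a promoted node has no sibling at this level
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof


def verify(leaf, proof, root):
    acc = leaf
    for sibling, sibling_is_left in proof:
        acc = node_hash(sibling, acc) if sibling_is_left else node_hash(acc, sibling)
    return acc == root


def publish(districts):
    """districts: {name: [record bytes, ...]}. Builds district trees and a national tree."""
    names = sorted(districts)
    trees = {n: build_levels([leaf_hash(r) for r in districts[n]]) for n in names}
    national = build_levels([leaf_hash(trees[n][-1][0]) for n in names])
    return {"names": names, "trees": trees, "national": national,
            "national_root": national[-1][0]}


def voter_receipt(pub, district, index):
    """What a voter takes home: the district root and both sibling paths."""
    return {
        "district_root": pub["trees"][district][-1][0],
        "district_proof": inclusion_proof(pub["trees"][district], index),
        "national_proof": inclusion_proof(pub["national"], pub["names"].index(district)),
    }


def voter_check(record, receipt, national_root):
    """True only if the record is in the district AND the district is in the nation."""
    in_district = verify(leaf_hash(record), receipt["district_proof"],
                         receipt["district_root"])
    in_nation = verify(leaf_hash(receipt["district_root"]),
                       receipt["national_proof"], national_root)
    return in_district and in_nation


if __name__ == "__main__":
    # Constructed sample: each record is "<random nonce>|<choice>".
    districts = {
        "D1": [b"n1|A", b"n2|B", b"n3|A"],
        "D2": [b"n4|B", b"n5|B"],
        "D3": [b"n6|A"],
    }
    pub = publish(districts)
    receipt = voter_receipt(pub, "D1", 2)
    print("published national root:", pub["national_root"].hex()[:16], "...")
    print("own record verifies:   ", voter_check(b"n3|A", receipt, pub["national_root"]))
    print("altered record verifies:", voter_check(b"n3|B", receipt, pub["national_root"]))
```

A passing check shows only that the record fed into the published root, not that the machine recorded the voter's intent. A receipt the voter can open for a third party also brings back the vote-buying and coercion concern raised elsewhere in the thread.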

Vote tracking (1, Interesting)

AK Marc (707885) | more than 2 years ago | (#37537456)

Even with all the massive problems, people still are pushing for electronic voting. The simplest and only sure way to fix the problems is to move back to open vote, which worked great in the past and would ensure that nobody could ever tamper with a voting machine again. Yes, I'm aware of the supposed problems that so many people bring up regarding vote tampering, but absentee voting is available everywhere now with all the same weaknesses and no problems with vote tampering.

Re:Vote tracking (3, Informative)

Anonymous Coward | more than 2 years ago | (#37537546)

Sure, and allow the kind of MASSIVE voter-intimidation of Tammany Hall in New York City that went on in the 19th Century? Secret ballot was brought in FOR A REASON!

Go back to paper, it takes longer, but is better accountability.

Re:Vote tracking (2)

Gideon Wells (1412675) | more than 2 years ago | (#37537608)

Well, the main flaw with electronic voting right now is simply that it seems rare from the press I am seeing that there are paper ballots, or receipts mind you, printed out as well. Keep in mind this might be a case of positive news of E-voting focuses on the E-part and the printers are only mentioned in the negative press attacking flaws.

Electronic voting, when the information is not tampered with, is more accurate and faster than the old paper voting. Human error can occur in counting them. See 2000 recount efforts.

The best of both worlds is an auditing system with each voting machine printing out a paper ballot that the voter can verify before turning end. Random X% precincts get hit by the auditing stick to count their votes the old-fashioned way to make sure they match the electronic vote counts. Perhaps fund research into a Wall Street-level algorithm that is designed to pick out precincts that vote out of proportion for their demographic makeup for that election with a certain margin of error.
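A sketch of the random precinct audit proposed in the comment above, as an added example that is not part of the original post. The hash-ranked draw from a public seed is an assumption added here so that anyone can reproduce the selection; the precinct names and tallies are constructed.

```python
import hashlib
import math

def select_precincts(precinct_ids, public_seed, fraction):
    # Rank precincts by SHA-256(seed|id) and audit the lowest-ranked share.
    # With a seed announced only after the electronic totals are frozen,
    # nobody can predict the draw, and everybody can recompute it.
    k = max(1, math.ceil(len(precinct_ids) * fraction))
    ranked = sorted(
        precinct_ids,
        key=lambda p: hashlib.sha256(f"{public_seed}|{p}".encode()).digest(),
    )
    return ranked[:k]

def audit(electronic, hand_counts, selected):
    # Compare the machine tally with the hand count of the paper ballots,
    # candidate by candidate, for every selected precinct.
    findings = []
    for precinct in selected:
        if precinct not in hand_counts:
            # Missing paper is itself a finding, not a pass.
            findings.append((precinct, None, "no paper count supplied"))
            continue
        machine = electronic.get(precinct, {})
        paper = hand_counts[precinct]
        for candidate in sorted(set(machine) | set(paper)):
            m, p = machine.get(candidate, 0), paper.get(candidate, 0)
            if m != p:
                findings.append((precinct, candidate, f"electronic={m} paper={p}"))
    return findings

# Constructed sample tallies: P3 has votes shifted between candidates in the
# electronic record, and P5 never delivered its paper count.
ELECTRONIC = {
    "P1": {"A": 120, "B": 98},
    "P2": {"A": 75, "B": 140},
    "P3": {"A": 160, "B": 60},
    "P4": {"A": 88, "B": 91},
    "P5": {"A": 101, "B": 99},
}
PAPER = {
    "P1": {"A": 120, "B": 98},
    "P2": {"A": 75, "B": 140},
    "P3": {"A": 110, "B": 110},
    "P4": {"A": 88, "B": 91},
}

if __name__ == "__main__":
    chosen = select_precincts(sorted(ELECTRONIC), "constructed-public-seed", 0.4)
    print("audited:", chosen)
    for finding in audit(ELECTRONIC, PAPER, chosen):
        print("MISMATCH:", finding)
```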

Not very correct (1)

David89 (2022710) | more than 2 years ago | (#37537492)

I like how they say there is no need of modification or reprogramming... Adding a chip is modding to me. Just put one of those void if broken seals and a notice to always check the seal.

Re:Not very correct (5, Insightful)

JWSmythe (446288) | more than 2 years ago | (#37537926)

What they're saying is that no soldering on the original hardware, nor replacement of any components is necessary. Some previous attacks required the removal of the storage media (compact flash, if I remember right).

The unit they demonstrated simply requires unplugging two things, and putting their unit in between. After the election is complete, they'd simply need to access the units again, remove the component, and all is well.

Most "void if broken" seals can be easily replicated. It's just a matter of getting a replacement seal in time. For the most part, people are dumb. If you do a good job of cleaning off the seal, they'd never notice it is missing.

Re:Not very correct (2)

Tar-Alcarin (1325441) | more than 2 years ago | (#37538190)

Alternative attack vector: In a constituency wherein a majority statistically favors your opposition, just use a pen or whatever, to damage the "void if broken" seals. Presto; you've now cast doubt on the integrity of the votes in that ballot.

Re:Not very correct (1)

Joce640k (829181) | more than 2 years ago | (#37538464)

Physical seals are worthless against well-funded enemies.

Hopefully fixed quickly (1)

danbuter (2019760) | more than 2 years ago | (#37537540)

Now that it's been exposed, it will hopefully be fixed very quickly. Though I wonder how many other "unknown" bugs there are that will allow someone to mess with votes.

Without evidence of tampering? (1)

martyros (588782) | more than 2 years ago | (#37537560)

How is this "without evidence of tampering", when they have an actual circuit board ("alien electronic") inserted into the machine?

Also, to hide the fact that they're changing votes, they blank out the screen. How likely is it that *no one* notices this?

Re:Without evidence of tampering? (0)

Anonymous Coward | more than 2 years ago | (#37537598)

And why do they call it a "Man-In-The-Middle Remote Attack"??

Re:Without evidence of tampering? (2)

znerk (1162519) | more than 2 years ago | (#37537686)

And why do they call it a "Man-In-The-Middle Remote Attack"??

"Man in the middle" refers to the fact that the alien hardware is able to intercept and modify the authorized information, between the authorized user (the voter) and the intended recipient (the cast ballot).

The "remote" portion of the descriptor refers to the fact that the "man in the middle" is using a remote control to "attack" the system; that is, the compromised unit is being controlled remotely by someone other than the person standing at the controls/interface.

Re:Without evidence of tampering? (0)

Anonymous Coward | more than 2 years ago | (#37537982)

"Man in the middle" refers to the fact that the alien hardware is able to intercept and modify the authorized information, between the authorized user (the voter) and the intended recipient (the cast ballot).

Yeah, with that kind of reasoning, every attack is a MITM attack.

Re:Without evidence of tampering? (3, Insightful)

lammy (1557325) | more than 2 years ago | (#37537660)

"Without evidence of tampering" obviously refers to the state of the machines if the alien circuitry is removed before inspection. The attack does not require any wires to be cut or internal components to be destroyed or removed, which would leave physical evidence. You do have a point about the screen blanking, though. Although it only blanks for a split second and I guess most users could be led to believe that this was normal behaviour. Is it suspicious enough for the regular Joe election supervisor to call off the poll and open up the machine?

Re:Without evidence of tampering? (2)

znerk (1162519) | more than 2 years ago | (#37537664)

If you can blank the screen, then it should be feasible to actually *change* the screen's output. This attack doesn't require any knowledge of the actual election software, but if you *did* have that knowledge, you could dummy up a screen that has the "correct" votes on it, and display that instead of the votes that are actually being recorded.

Also, the "without evidence of tampering" is referring to the lack of any evidence that the machine has been tampered with after you remove the alien hardware. Gain access to the machine weeks or months before voting opens, then simply cast your vote later in the day and remove your hardware... no evidence.

Re:Without evidence of tampering? (0)

Anonymous Coward | more than 2 years ago | (#37537804)

> Also, to hide the fact that they're changing votes, they blank out the screen. How likely is it that *no one* notices this?

You are missing the point here. While it is likely that some people notice this, it is very unlikely that someone notices the blank screen *and* thinks it is more than strange behaviour of the device [1] *and* is motivated enough to report it to somebody [2][3] *and* that somebody takes appropriate action [4][5][6] *and* said action has any success of causing further investigation [7][8][9].

[1] given how often electronic devices behave in a strange way without any useful explanation, damage caused, or bugfix being made
[2] given how often electronic devices behave in a strange way without any useful explanation, damage caused, or bugfix being made
[3] given the general level of frustration about politics
[4] given how often electronic devices behave in a strange way without any useful explanation, damage caused, or bugfix being made
[5] given the general level of frustration about politics
[6] even assuming that the malfunction is not in favor of the political point of view of said person, let alone the hack being conducted by him
[7] given how often electronic devices behave in a strange way without any useful explanation, damage caused, or bugfix being made
[8] given the general level of frustration about politics
[9] assuming that the people responsible for the hack aren't taking any direct action to prevent any useful investigation from happening, e.g. make any pieces of evidence "disappear".

tl;dr version: electronic devices screw up all the time, and people are frustrated enough about politics to take no action.

Re:Without evidence of tampering? (1)

thegarbz (1787294) | more than 2 years ago | (#37538104)

How is this "without evidence of tampering", when they have an actual circuit board ("alien electronic") inserted into the machine?

Also, to hide the fact that they're changing votes, they blank out the screen. How likely is it that *no one* notices this?

Both of these refer to the user of the machine whose vote is being tampered with. As the case is not made of acrylic I don't know if it has a surplus circuit board installed in it by the person who was in the booth before me.

Also as someone who has never used an e-voting machine how am I supposed to know the screen isn't supposed to blank?

Re:Without evidence of tampering? (1)

Joce640k (829181) | more than 2 years ago | (#37538484)

How likely is it that *no one* notices this?

If it's your first ever time using the software then *very likely* because you don't know what's 'normal'.

Duh.

Why is there no paper trail? (1)

GoodNewsJimDotCom (2244874) | more than 2 years ago | (#37537680)

Sure, use electronic voting tallying because we're lazy and don't want to tally paper votes anymore. But keep the paper trail for validation! What is the point of not having a paper trail for validation? You save a few trees? Look at our new government, it is sold to the highest bidder, but we'll save every last one of you a penny in taxes.

Man on the inside (1, Insightful)

jamesl (106902) | more than 2 years ago | (#37537682)

"[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code ...

No, all they needed was access to the machine's internals, modification of its electronics and knowledge of how to "insert a piece of 'alien electronics' into a circuit board."

Once you give someone physical control of your machine, you have given someone control of your machine.

Re:Man on the inside (2)

berashith (222128) | more than 2 years ago | (#37537890)

this is true. I made a replica of a Diebold voting machine and crammed an atari 2600 into it. If anyone wanted to vote for an independent, they had to first solve jungle hunt. Totally hacked the voting process.

Re:Man on the inside (2)

thegarbz (1787294) | more than 2 years ago | (#37538114)

Given how last year we saw articles on how dead easy these things were to get into despite the fancy looking lock, this attack still falls in the category of "could conceivably happen".

Re:Man on the inside (0)

Anonymous Coward | more than 2 years ago | (#37538962)

Maybe they should get Apple to design them some unibody aluminum cases. Those things are a bitch to open, and then there's no room for anything but the hardware that's supposed to be there.

Re:Man on the inside (1)

Hentes (2461350) | more than 2 years ago | (#37538310)

True, but voters DO have physical control over the machine.

The only thing worse than this.. (0)

Martz (861209) | more than 2 years ago | (#37537724)

Make all voting done online.

Citizens will have to register on the voting site using their Facebook account and Social Security Number, authenticated by a custom captcha system.

Voting Accounts will be verified by email activation link.

Once logged in the website will pull all of the citizen's personal data from the government's databases so the user can ensure the data held is accurate, and any corrections submitted by the user will be saved after being validated with javascript.

Furthermore, this system is powered by the Cloud using tried and tested Windows Server technology, ASP, .NET and SQL 2005.

Re:The only thing worse than this.. (2)

GoodNewsJimDotCom (2244874) | more than 2 years ago | (#37537734)

That is bad, but let us say you have a new democracy (it happens, new governments come up).
Is it possible to have a national ID and password which would let you vote on issues without the need for public elected officials?
One reason for representative government is that everyone could not vote on every single issue for the state because they could not all fit in one place and have discourse. The Internet could let everyone meet in one place. A whole new government style could be formed that has limited representative for figurehead events.

Re:The only thing worse than this.. (1)

Hentes (2461350) | more than 2 years ago | (#37538496)

I thought about this a lot and I don't think it's possible to create an Internet voting system that is comfortable, secure and anonymous. The biggest problem is vote selling, but there are a lot of others as well. For example, at some point you have to register yourself physically, which would mean that you have to show up in an office anyway. Also, you can't just use your ID to vote because of privacy issues. But if you want the system to be secure you will need a unique code that only you know. But what about the person who gives you the code? There are many similar problems and while I hope there is a system that can solve all at the same time I am sceptical.

Re:The only thing worse than this.. (0)

Anonymous Coward | more than 2 years ago | (#37537880)

Facebook?! I thought you were joking but then I read your comment history...

Oh dear.

You can't possibly be serious when you say FB or The Cloud *grimace* should have anything to do with voting. Oh, and captcha authentication? Do you even have the slightest idea what a captcha is actually for? I'll skip the hint and just tell you: they're to prove a form was submitted by a human, not some particular human.

One more thing (related to your claimed job): unsecured wi-fi in a hotel setting is irresponsible and just plain stupid. You can't rely on normal users to know about the dangers and, frankly, if you'd named the hotel chain I'd be firing off an email about you to someone in management right now.

I don't get why these people report the flaws (1)

Anonymous Coward | more than 2 years ago | (#37537736)

These people who find these flaws are doing it wrong. They should just hack all the machines to elect the drunk bum down the street or the crazy cat lady to office and get it all over with.

Re:I don't get why these people report the flaws (1)

Pieroxy (222434) | more than 2 years ago | (#37537800)

Agreed. Take the last presidential election: If all electronic votes had come to McCain (or Obama) it would have been obvious for everyone involved that something was wrong. You have no booth where 100% of the votes go to ONE candidate.

My thoughts (0)

Anonymous Coward | more than 2 years ago | (#37537766)

Only watched the last quarter or so - where they actually did something, instead of waffling on.

They connect a device that can intercept and change clicks on a screen. This can have other capabilities such as disabling power to touch sensors and/or screen.
My thoughts:
1. First level access - smart card reader opens - you can only install the second cable through this access, giving the ability of disabling power to the screen.
2. All other methods require the box already being open. I won't bother going into the whole insecure box/tampering officials bit.
3. Second level access is only through opening the device itself. We didn't see how difficult this was. The idea of cutting out the bottom connector is a little unfeasible in a voting booth, I would have thought. I know my dremel can make a bit of a racket going through plastic.
4. "[T]he Argonne team's attack required no modification, reprogramming, or even knowledge, of the voting machine's proprietary source code..." is false. They need to know the hardware, and the signals it carries and understands. They need to know where the buttons are on the screen, what they contain, the order of screens to sequence things in an autonomous and undetectable manner. That is still knowledge of the system. What works on one may not work on one made by another company, although serial touchscreens do tend to talk similar languages.

To the guys behind this: Nicely thought out device. The touchscreen communication is a weak spot, much like keyboards. However this is far from perfect. The assumption is that the attacker has ready access. Although the card slot coming off is bad design, if you really can install the touch replacement capability without full access, show it.

To Diebold: It strikes me the point of your system is to be the replacement of the locked box. Why are there hand-sized holes opening up with the push of a pin? Solutions: make the unit a single unit as far as possible. Put better locks on it. Randomise button placement on the screen. Delays on how quickly buttons can be pressed. Randomise button placement on the screen. Take a note from mobile and laptop manufacturers and make thinner units, or fill more gaps up with plastic. You can't put devices in if there is nowhere for them to go! But for god's sake, PUT BETTER LOCKS ON IT!!

Good thing i live in a country where... (1, Troll)

abridgedslashdotuser (1932110) | more than 2 years ago | (#37537940)

...voter fraud machines aren't allowed in general elections. Companies can build these shitty fraudy things, they can sell them to any foreign government and let them fraud their votes, but it is not okay to do it here(tm) and that is okay. Which is, in my opinion (hahaha), one of the best things ever! Screaming "USA USA USA" and demanding tax cuts just doesn't change anything. But having good regulations, a good supreme court and everybody paying their fair share, does. So US get your act together and ban these fraud machine crap. Whining about its bugs and flaws, thinking about asking companies to fix them, will not get you anywhere!

Diebold makes ATMs (0)

Anonymous Coward | more than 2 years ago | (#37538002)

How is it no one is worried about simple hacks being used to steal money? That seems way more likely than simultaneous interference at polling places state or even city wide to disrupt an election.

PKE (0)

Anonymous Coward | more than 2 years ago | (#37538036)

What I don't understand is why this is about as secure as a web based poll. They really need some way to let people do their voting (even at home), cryptographically sign it with an asymmetric key and then go submit it at the voting place. That way, the votes could be authenticated and it would be nearly impossible to change the results like they have.

Am I the only one *not* impressed with this? (0)

rob13572468 (788682) | more than 2 years ago | (#37538134)

Granted they disclose that it's a simplistic attack but what they do not explain is that it is neither practical nor is it complete... The attack is based on intercepting and modifying the voltage signals coming from the touchscreen (voltage, not data...) and cutting power to the LCD. This allows them to do the following:
1. read the (X,Y) position of a user touch event
2. send a false position report on to the voting machine
3. blank the screen,

The problem is what they are NOT doing... They are not reading the output to the LCD which means they have no way of knowing the context of the button presses. e.g. they know the user is pressing at position (X,Y) but they don't know what menu screen is currently being displayed... is it the login screen? the voting screen, which candidate race? To do this they need to be tapped into the VGA/DVI output data to the LCD and you can do that with $10 in components.. you probably can't do it for $100, and you certainly need a pretty decent coding/hardware design/reverse engineering skillset to succeed.

This is fearmongering that is masquerading as security research (and poor research at that..) If the goal was to impart the message that a physically unprotected machine is vulnerable to tampering then I guess they got that message across, but it's not like we did not already know this...

Finally if you want to create a devastatingly successful undetectable hardware attack, you do not bother with i/o.. you use boundary scan and the JTAG/BDM port.

Your Vote Matters! (1)

arisvega (1414195) | more than 2 years ago | (#37538152)

See? It really does!

Now go vote!

Remotely! Here is your remote!

Check your facts! (0)

Anonymous Coward | more than 2 years ago | (#37538290)

In 2009 Diebold divested themselves of the voting machine business. The current owner of the business formerly known as Diebold Election Systems is ES&S and does business as Premiere Election Systems.

Crazy Talk! (0)

Anonymous Coward | more than 2 years ago | (#37538292)

This is bullshit. Possible? Yes. That cheap? No. An eighth grader building it? No. With no knowledge of the microprocessor? Not a chance. They're saying that an eighth grader can go somehow find these parts, purchase them for less than $20 (from the Shack I'm sure), and assemble them and make them work with no knowledge of the machine hardware or software. I'm floored...

it's a sales pitch (1)

roman_mir (125474) | more than 2 years ago | (#37538302)

these guys are selling something, they are selling a 'way to protect against this type of physical attack' against voting machines.

They are correct, this is a possible vector of attack. They are still trying to sell something.

Eff E-Vote, early voting is the way (1)

AwesomeMcgee (2437070) | more than 2 years ago | (#37538318)

Why do people want e-voting machines? Automatic counting is quicker and less costly than paying all the ballot counters. However, early voting is allowed like the entire month of November by mail-in, and because the job doesn't need to be done all in one day you pay less ballot counters and save money. We should do away with election day, make it election month, and get rid of these stupid electronic voting systems. Don't even need to use the postal service to have that interference, just set up some secure ballot boxes around town that the counters will collect and count daily. Hell put the counters in them, just use them armored money trucks. They already have the 24/7 satellite linked cameras in them to have remote eyes ensuring the counters aren't screwing with votes.

Whew (1)

sgt scrub (869860) | more than 2 years ago | (#37538418)

"Often the polling places are in elementary schools or a church basement or some place that doesn't really have a great deal of security."

At least they are not in the hands of someone with a political agenda.

Die Bold... (1)

MindPrison (864299) | more than 2 years ago | (#37538636)

It died boldly just like yesterday's votes.

Tamper Proof? (2)

Coreigh (185150) | more than 2 years ago | (#37538714)

I saw this discussion on another site and someone asked 'Why can they make rock solid tamper proof slot machines but not voting machines?' I realize they are not the same animal but the concepts of security and tampering must be very similar.

Re:Tamper Proof? (1)

dltaylor (7510) | more than 2 years ago | (#37538846)

Because the people making the gambling machines want them secure FROM cheaters, while the people making the voting machines want them secure FOR cheaters (cough cough GWB cough).

Re:Tamper Proof? (1)

InsertCleverUsername (950130) | more than 2 years ago | (#37539100)

Exactly. Somehow we can make ATMs, electronic slot machines, and all kinds of online transactions secure, but can't secure a vote? Sounds like a lack of will at best, a nefarious plan to make U.S. democracy more of a farce than it already is at worst.

Wow one of the worst Slashdot things ever (0)

Anonymous Coward | more than 2 years ago | (#37538734)

These things were sold off by Diebold a number of years ago and these are completely ancient. It's like saying "We were able to hack Windows NT". Nice job guys, you literally did absolutely nothing.

Re:Wow one of the worst Slashdot things ever (1)

fferret (58662) | more than 2 years ago | (#37539094)

The point is not that Diebold sold the division making the Accuvote TS. The point is that thousands of these are deployed and in use, and therefore the vulnerability is real and has an impact on the 2012 elections. Comment fail.

Concerned. (1)

fferret (58662) | more than 2 years ago | (#37538950)

I'm an election judge, and I forwarded this to my county Board of Elections, with a note recommending we need to conduct a machine inspection, along with a review of how the machines are physically secured. Once the machines are fielded to the polls, usually days before the election, we need to find a way to seal them at the poll until they are used. On the subject of DRE versus other methods of vote registration/counting, I agree that DRE is still an inherently un-secure technology, but my county/state made a massive investment, and cannot afford to replace them. The best thing we can do as poll workers is to take whatever steps needed to reassure the voting public their vote is accurately recorded and secure from tampering at the poll. We have no control beyond that.