Mon, 15 May 2006 Backdoor found in Diebold voting machines
Diebold Election Systems plans to make changes to its electronic voting machines, following the disclosure of a number of serious security flaws in the systems.
On Thursday, the voting watchdog organisation Black Box Voting published a report (PDF) detailing how Diebold's TS6 and TSx touch-pad voting machines could be compromised by taking advantage of "backdoor" features designed to allow new software to be installed on the systems.
Question of the day!
Do you share your creations online?
% of Macworld readers agree with you
What do you create and how do you share it?
Follow the conversation at @TabletChat
paintings & illustrations, mostly, which i upload to flickr.RT @fragmentedm
I draw manga/anime characters. I also do graphic design and photography.RT @spialelo
Yes. I usually put them up on my #deviantart account for feedback on how to improve.RT @spialelo
Finnish security researcher Harri Hursti, discovered backdoors in the boot loader software, in the OS, and in the Ballot Station software that it runs to tabulate votes.
Rear-access technology
"These are built-in features, all three of them," said Black Box Voting Founder Bev Harris. If a malicious person had access to a Diebold machine, the back doors could be exploited to falsify election results on the system, she said.
A Diebold spokesman did not dispute Hursti's findings, but said that Black Box Voting was making too much of the matter because the systems are intended to remain in the hands of trusted election officials.
"What they're proposing as a vulnerability is actually a functionality of the system," said spokesman David Bear. "Instead of recognising the advantages of the technology, we keep ringing up 'what if' scenarios that serve no purpose other than to confuse and in some instances frighten voters."
Key vote
Nevertheless, Diebold plans to address the issue in an upcoming version of the product, which will use cryptographic keys to ensure that only authorised software is installed on the machine, Bear said. He could not say when this feature would be added, but said that it could be available in time for the November 7 general election in the US.
After the November 2000 presidential election exposed flaws in traditional paper ballots, many states have rushed to adopt electronic voting systems. But computer experts have pointed out numerous security flaws in these machines, and some consumer groups have called for them to be dropped altogether.
Attack threat upgrade
These latest set of flaws are the most serious voting machine flaws yet reported, according to Ed Felten, a professor of computer science at Princeton University, and Avi Rubin, a Professor of Computer Science at Johns Hopkins University.
"The attacks described in Hursti's report would allow anyone who had physical access to a voting machine for a few minutes to install malicious software code on that machine, using simple, widely available tools," they wrote Thursday on the Freedom to Tinker blog. "The malicious code, once installed, would control all of the functions of the voting machine, including the counting of votes."
Diebold's machines are based on custom hardware that runs Microsoft's Windows CE operating system.
Black Box Voting's Harris called on Diebold to recall the machines and replace them with its optical scanners, which do not suffer from the same vulnerability. "The company sold a defective product," she said. "It should not be used in a Federal election."
Harris also called on Congress to find out why these backdoors were installed in the first place. "We need to find out how this got through the oversight system, and we need to question the programmer who did the programming under oath."
Contact Us
DiggEmail A Friend
Email this article to a friend or colleague:
PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.
Permalink This Article
This articles permalink is:
http://www.macworld.co.uk/news/index.cfm?NewsID=14633&Page=1&pagePos=5
<<prev article | back to news index | next article>>
Latest News
- Apple intros Aperture 3, adds over 200 new features
- VIP iPhone app drops from millionaire priced £279.99 to under a tenner
- Play.com: Google Nexus One now available for pre-order
- Amazon's Kindle gets ready to battle Apple's iPad
- Apple Store is down, new Macs imminent?
- Canon intros EOS 550D 18-megapixel DSLR camera
- WSJ: Apple could slash iPad prices if sales disappoint
- Apple offers 'find out how' tutorials as podcasts
- Adobe says sorry for 16-month-old Flash bug
- Getty launches subscription stock image service, Thinkstock
- RouteBuddy intros RouteBuddy Atlas 1.3 for iPhone, iPod touch
- AppFund seeks Apple iPad developers, offers funding up to $500,000
iPhone 3G S Video Review
Mac Broadband?
Search news
Search Google
Newsletter signup
It's easy and free to get the latest news headlines, reviews and opinions straight to your email inbox. Sign up NOW to make sure you receive the latest Mac news, reviews and tutorials on your favourite topics.
Register now
Stay on top of the latest, breaking Mac news and chat with other Mac professionals and enthusiasts about the issues that matter to you. Register with Macworld today to join our forums and receive our twice-weekly email newsletter, Macworld Mainline.
RSS
Have the latest content delivered to your desktop via RSS. Use the links below to get access to a specific blog, news, or reviews feed.
MACWORLD MARKETPLACE
 |
Computer & Laptop |
 |
Are you a new customer? Are you doubtful? |
 |
50% off ebooks |
 |
Circus Ponies NoteBook - the easy way to get organized on the Mac |
 |
Beat the Credit Crunch - Lease your Mac from Hardsoft. |
Click here for the latest reader comments