You are viewing an obsolete version of the DU website which is no longer supported by the Administrators. Visit The New DU.
Democratic Underground Latest Greatest Lobby Journals Search Options Help Login
Google

Reply #3: ES&S e-Voting System Used in California Cracked Wide Open [View All]

Printer-friendly format Printer-friendly format
Printer-friendly format Email this thread to a friend
Printer-friendly format Bookmark this thread
Home » Discuss » Topic Forums » Election Reform Donate to DU
Wilms Donating Member (1000+ posts) Send PM | Profile | Ignore Fri Jul-23-10 02:44 AM
Response to Original message
3. ES&S e-Voting System Used in California Cracked Wide Open
Edited on Fri Jul-23-10 02:46 AM by Wilms
http://static.arstechnica.com//public/v6/styles/light/i...

ES&S e-Voting System Used in California Cracked Wide Open


By Ryan Paul | Last updated December 5, 2007 9:01 AM

Earlier this year, California Secretary of State Debra Bowen established strict new standards for electronic voting machines, requiring independent code audits, Red Team security testing, and support for paper records. The Red Team testing process primarily involves subjecting the machines to review by security experts who attempt to hack the software and bypass the physical security mechanisms. Recent Red Team tests of ES&S voting machines have uncovered serious security flaws.

Previous Red Team tests commissioned by the state of California revealed significant vulnerabilities in devices sold by Diebold and Sequoia. At the time, ES&S declined to participate in the testing, citing lack of preparedness. The tests on the ES&S machines were finally conducted in October, and the results, which were recently published (PDF), show that products from ES&S are as insecure as the rest.

The first round of tests focused on the physical security of the Polling Ballot Counter (PBC), which the Red Team researchers were able to circumvent with little effort. "In the physical security testing, the wire- and tamper-proof paper seals were easily removed without damage to the seals using simple household chemicals and tools and could be replaced without detection," the report says. "Once the seals are bypassed, simple tools or easy modifications to simple tools could be used to access the computer and its components. The key lock for the Transfer Device was unlocked using a common office item without the special 'key' and the seal removed."

After bypassing the physical security of the voting machines, the Red Team researchers were able to gain direct access to all of the files on the systems, including password files. "Making a change to the BIOS to reconfigure the boot sequence allows the system to be booted up using external memory devices containing a bootable Linux copy," according to the researchers. "Once done, all the files can be accessed and potentially modified, including sensitive files such as the password file which can be cracked by openly available cracker programs. New users may be added with known passwords and used by the same attacker or other attackers later."

snip

http://arstechnica.com/security/news/2007/12/security-t...

Printer Friendly | Permalink | Reply | Top
 

Home » Discuss » Topic Forums » Election Reform Donate to DU

Powered by DCForum+ Version 1.1 Copyright 1997-2002 DCScripts.com
Software has been extensively modified by the DU administrators


Important Notices: By participating on this discussion board, visitors agree to abide by the rules outlined on our Rules page. Messages posted on the Democratic Underground Discussion Forums are the opinions of the individuals who post them, and do not necessarily represent the opinions of Democratic Underground, LLC.

Home  |  Discussion Forums  |  Journals |  Store  |  Donate

About DU  |  Contact Us  |  Privacy Policy

Got a message for Democratic Underground? Click here to send us a message.

© 2001 - 2011 Democratic Underground, LLC