Examples of Voting System Vulnerabilities and Problems
• Cast ballots, ballot definition files, and audit logs
could be modified.
• Supervisor functions were protected with weak
or easily guessed passwords.
• Systems had easily picked locks and power
switches that were exposed and unprotected.
• Local jurisdictions misconfigured their
electronic voting systems, leading to
election day problems.
• Voting systems experienced operational
failures during elections.
• Vendors installed uncertified electronic
voting systems.
Source: GAO analysis of recent reports and studies.
http://www.gao.gov/highlights/d05956high.pdfSecurity Analysis of the Diebold AccuVote-TS Voting Machine
Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten — September 13, 2006
Abstract This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.
Full research paper
(Workshop version )
http://itpolicy.princeton.edu/voting/
Study: Hackers Could Change E-Voting Machine Results
By Erika Morphy
TechNewsWorld
07/30/07 12:35 PM PT
University researchers have demonstrated multiple ways of compromising all three of the electronic voting machine systems certified for use in California. The hacks could result in hijacking machines and altering election results, they claim. Although the system vendors have issued a detailed rebuttal of the study, critics are calling for an investigation into the e-voting certification process.
A test of three electronic voting systems certified for use in California has uncovered serious security flaws. Researchers at the University of California conducted the tests at the behest of Secretary of State Debra Bowen under a US$1.8 million contract.
Their mission was to try to compromise the integrity of the voting systems provided by Diebold Elections Systems, Hart Intercivic and Sequoia Voting Systems. They not only succeeded in breaching all of the systems, but also concluded there were likely more security problems that they did not have time to explore during the limited time frame of the study.
Three Vendors, Numerous Failures
What they did find was worrisome enough.
-snip
http://www.technewsworld.com/story/58572.html
Pull The Plug
Aviel Rubin 09.04.06, 12:00 AM ET
-snip
Consider one simple mode of attack that has already proved effective on a widely used DRE, the Accuvote made by Diebold (nyse: DBD - news -people ). It's called overwriting the boot loader, the software that runs first when the machine is booted up. The boot loader controls which operating system loads, so it is the most security-critical piece of the machine. In overwriting it an attacker can, for example, make the machine count every fifth Republican vote as a Democratic vote, swap the vote outcome at the end of the election or produce a completely fabricated result. To stage this attack, a night janitor at the polling place would need only a few seconds' worth of access to the computer's memory card slot.
Further, an attacker can modify what's known as the ballot definition file on the memory card. The outcome: Votes for two candidates for a particular office are swapped. This attack works by programming the software to recognize the precinct number where the machine is situated. If the attack code limits its execution to precincts that are statistically close but still favor a particular party, it goes unnoticed.
One might argue that one way to prevent this attack is to randomize the precinct numbers inside the software. But that's an argument made in hindsight. If the defense against the attack is not built into the voting system, the attack will work, and there are virtually limitless ways to attack a system. And let's not count on hiring 24-hour security guards to protect voting machines.
DREs have a transparency problem: You can't easily discover if they've been tinkered with. It's one thing to suspect that officials have miscounted hanging chads but something else entirely for people to wonder whether a corrupt programmer working behind the scenes has rigged a computer to help his side.
Aviel Rubin, professor of computer science at Johns Hopkins University and author of Brave New Ballot: The Battle To Safeguard Democracy In The Age Of Electronic Voting.
-snip
http://www.forbes.com/forbes/2006/0904/040.html?partner=alerts&_requestid=2972
Voting Technology
After the 2000 election and the passage of the Help America Vote Act of 2002, states moved to modernize election administration by retiring antiquated lever and punch-card voting machines and implementing new electronic voting machines. Electronic voting machines have not been the panacea to vote-counting woes that many had hoped they would be. Until recently, there has been surprisingly little empirical study on electronic voting systems in the areas of security, accessibility, usability, and cost. The result is that jurisdictions are making purchasing decisions and are adopting laws and procedures that do little to promote these goals.
In 2006, the Brennan Center released two comprehensive, empirical analyses of electronic voting systems in the United States, The Machinery of Democracy: Protecting Elections in an Electronic World and The Machinery of Democracy: Voting System Security, Accessibility, Usability, and Cost. The Brennan Center continued its study of electronic voting security in Post-Election Audits: Restoring Trust in Elections. Since the Brennan Center initiated its study of electronic voting, it has been called upon to provide expert testimony before Congress and to assist election officials in developing procedures that promote secure and reliable voting systems.
-snip
http://www.brennancenter.org/content/section/category/voting_technology/
The Evaluation & Validation of Election-Related Equipment, Standards & Testing report, known as EVEREST, is a comprehensive review of voting systems revealing startling findings on voting machines and systems used in Ohio and throughout the country. The Ohio study tested the systems for:
- risks to vote security,
- system performance, including load capacity,
- configuration to currently certified systems specifications, and
- operations and internal controls that could mitigate risk.
The $1.9 million study, paid for using federal funds, was structured to allow two teams of scientists, corporate and academic, to conduct parallel assessment of the security of the state’s three voting systems - Election Systems & Software (ES&S), Hart Intercivic and Premier Election Solutions (formerly Diebold) - in both voting and board of elections environments. Separate research was conducted on each voting system’s performance, configuration and operations and internal controls management. A bipartisan team of 12 election board directors and deputy directors advised the study and evaluated all reports, participating with the secretary in making recommendations for change.
-snip
http://www.sos.state.oh.us/SOS/elections/voterInformation/equipment/VotingSystemReviewFindings.aspx