Sequoia Voting System v4.0: Still Hackable. Approved for Use in November Only with Conditions

Wilms Donating Member (1000+ posts) Send PM | Profile | Ignore Wed Oct-15-08 11:09 AM
California has approved the Sequoia System 4.0 with Ranked Choice Voting for use in San Francisco only for the upcoming general election.

Conditions to be met are listed in this document.

Here are some snips from the Source Code Review

Sequoia Voting System v4.0
Source Code Review Team Report

September 19th, 2008


After examination of the source code, we have found that the security posture of the system is largely unchanged since the UC Berkeley review. There are still significant programming, logic, and architectural errors present in the software, ranging from fairly benign mistakes to severe systemic misuse of cryptographic methods and failures to implement correct integrity verification. The following are major points of weakness found in the source code:
    Failure to properly verify the integrity of election information, leaving the election definition and results vulnerable to undetectable tampering

    Improper and unsafe authentication and user account management

    Access control not implemented correctly allowing anyone with an account complete control over the central database

    Nonexistent or incorrect usage of encryption that can be easily defeated

    Lack of input sanitization leaving SQL injection vulnerabilities unchecked

    Various buffer overflow and software bugs creating possible avenues for arbitrary code execution inside the system

With regard to determining whether the provided source code resolves the high-level security architectural issues identified in the UC Berkeley report, the reviewer found that the previously reported security architecture issues remain issues in the current version. There still is no effective mechanism to protect the integrity of data that is transferred between components of the system via removable media; there is a potential vulnerability for SQL injection attacks that result in unauthorized access to election data stored in the database or execution of malicious code on the database server machine to crash the system; a user can exploit a system weakness that enables him or her to access the database without going through the WinEDS user interface, and once there, that user can add, delete and modify any data in the database; cryptographic methods are improperly used; access control management is still cumbersome and subject to user error and also can be circumvented; and while password management has been improved, because of an architecture defect, the strengthening of password management does not necessarily lead to a strengthened access control system.

With regard to determining whether the provided source code resolves specific security defects identified in the UC Berkeley report, the reviewer could verify that nine of the 47 previously reported defects have been sufficiently resolved in the provided source code to mitigate the identified vulnerability. Code modifications for two defects partially resolve the reported issues. Code modifications for two defects do not sufficiently mitigate the reported vulnerabilities they are intended to resolve. Resolution of 10 issues could not be determined by static review of the source code, but can only be verified by functional testing, penetration testing, live-code debugging, or other means; the reviewer acknowledges that two of these issues might be resolved. Based on the code review, the reviewer found that approximately 24 of the 47 issues have not been addressed by code modifications.


With regard to review of the two new modules (WinEDS Extended Services and WinEDS Election Reporting) the reviewer found that the modules are susceptible to SQL injection attacks via both the GUI and malicious input files; rely on user action to ensure data integrity rather than implementing a system safeguard; and provide inadequate error handling. Exploitation of any of these weaknesses could result in data corruption and/or incomplete or false results. The system could enter an insecure state.

With regard to evaluating the extent to which the system protects the integrity of ballot data or ballot images stored in the 400-C Central Count Scanner and Optech Insight Plus, the reviewer found that except for a simple CRC check, there is no security on the data in the MemoryPack. Program code or data could be easily manipulated by an attacker.

Overall, the reviewer found that while progress has been made, the integrity of election definitions and ballot information is not properly protected. Many attack scenarios center around interception and modification of data, since there are no reliable ways to detect them.
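The report's finding that the MemoryPack carries "a simple CRC check" and nothing else is the core of its integrity complaint, and the following added example (not code from the Sequoia report, the reviewed system, or the DU post) shows in miniature why that is so. It seals a small results record two ways, with a CRC and with a keyed HMAC, and then checks what a verifier can and cannot notice. The record layout, the field positions and both keys are assumptions made for the example.

```python
"""Added example, not code from the Sequoia report or the DU post: why a
CRC-only check on removable-media data detects accidents but not tampering,
and what a keyed MAC changes. The record layout and keys are assumptions."""
import hashlib
import hmac
import struct
import zlib

# Constructed keys (assumption): the one the legitimate components share, and
# the best a party writing to the media without authorization could do: guess.
LEGITIMATE_KEY = b"election-integrity-key-placeholder"
GUESSED_KEY = b"not-the-real-key"


def encode_record(precinct: int, counts: list) -> bytes:
    """Assumed layout: 2-byte precinct id followed by one 4-byte count per candidate."""
    return struct.pack(">H", precinct) + b"".join(struct.pack(">I", c) for c in counts)


# --- CRC-only sealing: anyone who can write the media can produce a valid tag ---
def seal_crc(payload: bytes) -> bytes:
    return payload + struct.pack(">I", zlib.crc32(payload) & 0xFFFFFFFF)


def verify_crc(blob: bytes) -> bool:
    payload, tag = blob[:-4], blob[-4:]
    return struct.pack(">I", zlib.crc32(payload) & 0xFFFFFFFF) == tag


# --- keyed MAC sealing: a valid tag requires the key, not just write access ---
def seal_hmac(payload: bytes, key: bytes) -> bytes:
    return payload + hmac.new(key, payload, hashlib.sha256).digest()


def verify_hmac(blob: bytes, key: bytes) -> bool:
    payload, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def evaluate_scheme(seal_trusted, seal_untrusted, verify) -> dict:
    """Seal a record, then ask the verifier about two events:
    1) one bit of the sealed payload flips (a media fault), tag left untouched;
    2) a whole replacement record with the totals swapped is written by a party
       that holds the media but not the legitimate key."""
    trusted = seal_trusted(encode_record(12, [100, 80]))
    corrupted = bytearray(trusted)
    corrupted[5] ^= 0x01          # byte 5 sits inside the first vote count
    replaced = seal_untrusted(encode_record(12, [80, 100]))
    return {
        "media_fault_detected": not verify(bytes(corrupted)),
        "unauthorized_rewrite_detected": not verify(replaced),
    }


def crc_only_result() -> dict:
    """What the report describes: a CRC with no secret behind it."""
    return evaluate_scheme(seal_crc, seal_crc, verify_crc)


def keyed_mac_result() -> dict:
    """The same events under an HMAC whose key the unauthorized writer lacks."""
    return evaluate_scheme(
        lambda p: seal_hmac(p, LEGITIMATE_KEY),
        lambda p: seal_hmac(p, GUESSED_KEY),
        lambda b: verify_hmac(b, LEGITIMATE_KEY),
    )


if __name__ == "__main__":
    print("CRC only :", crc_only_result())
    print("HMAC     :", keyed_mac_result())
```

The CRC catches the flipped bit, which is what a CRC is for, and accepts the replacement record, because computing a CRC needs no secret. The MAC catches both. The caveat a practitioner will raise is key handling: an HMAC only helps if the key is not stored on the same media or reachable by the same process that writes it, and where several components must verify each other's output a digital signature (private key at the writer, public key at the readers) is the better fit than a shared secret.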
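The report also says the new reporting modules are open to SQL injection "via both the GUI and malicious input files" and rely on the user rather than the system to keep data intact. The added example below (written for this page, not code from the reviewed system or the post) imports a constructed results file into an in-memory SQLite table two ways: the vulnerable pattern that splices file fields into the query text, and a hardened import that validates every field, binds parameters, and refuses the whole file if any line fails rather than applying it partway. The table layout, file format and values are assumptions.

```python
"""Added example, not from the Sequoia report or the DU post: an import routine
that splices file fields into SQL, beside one that validates and parameterizes.
Table layout, file format and sample values are assumptions."""
import sqlite3

# Constructed sample import files: one line per precinct, "precinct_id,candidate_a,candidate_b".
CLEAN_IMPORT = "101,120,95\n102,88,101\n"
# Same file with a third line whose precinct field is not a number.
TAMPERED_IMPORT = CLEAN_IMPORT + "103 OR 1=1,0,0\n"


def fresh_db() -> sqlite3.Connection:
    """Results table seeded with placeholder totals so overwrites are visible."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE results (precinct_id INTEGER PRIMARY KEY, a INTEGER, b INTEGER)")
    con.executemany("INSERT INTO results VALUES (?, ?, ?)",
                    [(101, 5, 5), (102, 5, 5), (103, 5, 5)])
    return con


def snapshot(con: sqlite3.Connection) -> dict:
    rows = con.execute("SELECT precinct_id, a, b FROM results ORDER BY precinct_id")
    return {pid: (a, b) for pid, a, b in rows}


def import_unsafe(con: sqlite3.Connection, text: str) -> dict:
    """Vulnerable pattern: file fields become part of the SQL text.
    A field that is not a plain number changes the meaning of the WHERE clause."""
    for line in text.splitlines():
        pid, a, b = line.split(",")
        con.execute(f"UPDATE results SET a={a}, b={b} WHERE precinct_id={pid}")
    return snapshot(con)


def import_safe(con: sqlite3.Connection, text: str) -> tuple:
    """Hardened import: every field must parse as an integer, values are bound as
    parameters, and a file with any bad line is rejected whole (nothing applied).
    Returns (table state, list of rejected line numbers)."""
    parsed, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        try:
            pid, a, b = (int(field.strip()) for field in line.split(","))
        except ValueError:            # non-numeric field or wrong field count
            rejected.append(lineno)
            continue
        parsed.append((a, b, pid))
    if rejected:
        return snapshot(con), rejected   # system safeguard: no partial apply
    with con:                             # one transaction for the whole file
        con.executemany("UPDATE results SET a=?, b=? WHERE precinct_id=?", parsed)
    return snapshot(con), rejected


if __name__ == "__main__":
    print("unsafe, tampered file:", import_unsafe(fresh_db(), TAMPERED_IMPORT))
    print("safe,   tampered file:", import_safe(fresh_db(), TAMPERED_IMPORT))
    print("safe,   clean file   :", import_safe(fresh_db(), CLEAN_IMPORT))
```

With the unsafe routine the third line's precinct field turns the final UPDATE into one that matches every row, so all three precincts end up zeroed; nothing in the code path could have told the operator. The hardened routine reports line 3 as rejected and leaves the table as it was, and applies the clean file in a single transaction. Parameter binding removes the injection; the integer validation and all-or-nothing apply are the "system safeguard" and error handling the report found missing.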