More on Security of Electronic Voting Machices in 08

Also taken from the Princeton review of the Diebold voting machines the following information was provided regarding the flaws and security vulnerabilities with the Diebold Machines. I must say that this review was done in 2006 and I am currently looking to see what updates have been made to the machines. For the whole .PDF you can go to the .PDF directly by Clicking Here.

Main Findings The main findings of our study are:
1. Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.
2. Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.
3. AccuVote-TS machines are susceptible to voting-machine viruses—computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and postelection activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.
4. While some of these problems can be eliminated by improving Diebold’s software, others cannot be remedied without replacing the machines’ hardware. Changes to election procedures would also be required to ensure security.

Injecting Attack Code
To carry out these attacks, the attacker must somehow install his malicious software on one or more voting machines. If he can get physical access to a machine for as little as one minute, he can install the software manually. The attacker can also install a voting machine virus that spreads to other machines, allowing him to commit widespread fraud even if he only has physical access to one machine or memory card.

Boot Process
When the machine is booted, the bootloader copies itself to RAM and initializes the hardware. Then it looks for a memory card in the first PC Card slot, and if one is present, it searches for files on the card with special names. If it finds a file called fboot.nb0, it assumes that this file contains a replacement bootloader, and it copies the contents of this file to the bootloader area of the on-board flash memory, overwriting the current bootloader. If it finds a file called nk.bin, it assumes that this file contains a replacement operating system image in Windows CE Binary Image Data Format [22], and it copies it to the OS area of the on-board flash, overwriting the current OS image. Finally, if it finds a file called EraseFFX.bsq, it erases the entire file system area of the flash. The bootloader does not verify the authenticity of any of these files in any way, nor does it notify the user or ask the user to confirm any of the changes that it makes. As Hursti [14] suggests, these mechanisms can be used to install malicious code.

Stealing Votes
Figure 4: Our demonstration vote-stealing control panel Several of the demonstration attacks that we have implemented involve installing code onto AccuVote-TS machines that changes votes so that, for a given race, a favored candidate receives a specified percentage of the votes cast on each affected machine. Since any attacks that significantly alter the total number of votes cast can be detected by election officials, our demonstration software steals votes at random from other candidates in the same race and giving them to the favored candidate. The software switches enough votes to ensure that the favored candidate receives at least the desired percentage of the votes cast on each compromised voting machine. Election results (i.e., the record of votes cast) are stored in files that can be modified by any program running on the voting machine. For the currently running election, the primary copy of the election results is stored on the memory card at \Storage Card\CurrentElection\election.brs and a backup copy is stored in the machine’s on-board flash memory at \FFX\AccuVote-TS\BallotStation\CurrentElection\election.brs. Our software works by directly modifying both of these files.

I dont know about you but just knowing this little bit scares me and I can tell you that if you look at the .PDF there is even more when it comes to Security Issues and even storage issues. Think about all of this information before you go in to VOTE this year and remember that you can always request to vote on a piece of Paper instead. Make sure your Vote Counts this year, Make Sure your Voice is Heard. Learn what you are using and don't believe everything your told when it comes to these machines. Sure it is HIGHLY unlikely that anything would happen but when it comes to my freedom and my democracy I can guarantee that knowing as much about this as possible is what or Founding Fathers would want us to do.

Electronic Voting: The Future of Elections in 08

Here is just a little information regarding some of the new ways in which somebody can now cast a vote. Is this what we are heading towards or does another look need to be taken in terms of security and User Interface? Find out for yourself. Here are specs on just a few of the new electronic voting machines that will be at your disposal around the country.

Diebold AccuVote TS-X Voter Information Sheet

Name/Model: AccuVote-TSx Vendor: Diebold Election Systems How To Vote On This Machine: After confirming the voter is registered, he or she is handed a “smart card." The voter then inserts the smart card into the slot on the right side of the screen. Card should be face up with the arrow pointing forward. Touch the "Start" button on the bottom, middle part of the screen to access the ballot. Follow the on screen instructions to make selections on ballot. After all selections have been made, a summary screen will appear. This screen should be carefully check to ensure that all choices were recorded correctly. If the choices DO NOT match, the voter can touch either the race in question or "Review Ballot" on the lower-right portion of the screen. If the summary screen matches the voter's intent, the the voter should then touch "Cast Vote." REMEMBER: You have the right to ask for assistance from a poll work during the voting process. If the poll worker is unable to resolve any machine-related problem you might have, do not cast your ballot on the machine. You can demand to vote on another machine or by paper.

Name/Model: ELECTronic 1242

Vendor: Guardian Voting Systems, Inc. (a division of Danaher Controls, Inc.)

How to Vote on This Machine:

1. When voters enter the precinct, poll workers confirm that they are properly registered to vote. The poll worker then uses an operator’s panel on the back of the machine to choose the ballot style appropriate for that voter.
2. The voter enters the curtains (see pictures at left above) and only the races for which they are permitted to vote are activated.
3. The voter then votes by pressing a numbered box beside each choice in each race on the ballot. It is very important that the voter does not push the large, green "Vote" button until done voting; a vote inadvertently cast may not be redone.
4. Flashing lights on the left-hand side of the ballot indicate races for which the voter has not yet voted. If the voter tries to choose more than one choice in a given race (over-voting), the machine will ignore the second choice. If the voter makes a mistake, they can press the numbered box again to deselect their choice; the indicator light will go out. The voter may then select the correct choice.
5. When done voting, the voter presses a large green “Vote” button in the lower-right corner of the voting machine.

REMEMBER: You have the right to ask for assistance from a poll work during the voting process. If the poll worker is unable to resolve any machine-related problem you might have, do not cast your ballot on the machine. You can demand to vote on another machine or by paper.

Name/Model: WINvote

Vendor: Advanced Voting Solutions, Inc. (formerly Shoup Voting Solutions, Inc.).

How To Vote On This Machine:

1. After checking in at the polling place, the voter will approach one of the terminals. An election official will activate the machine. The voter will touch the "Click Here to Start" button on the welcome screen, and the ballot-marking process will begin.
2. The screen will display one race at a time, with available choices listed below the race name. Write-in candidates can be selected by touching the "Write-In" button at the bottom of the choice list. After making a selection, touch the "Next" button on the bottom of the screen.
3. When all selection have been made, the voter will be taken to a summary screen that lists that name of each race and the option that was selected by the voter. If the voter wishes to change any of these races, he/she should simply touch the name of the race and make another selection.
4. When the voter is satisfied with the summary screen, he/she should touch the red "Next" button on the bottom-right part of the screen. The next screen has a large red "VOTE" button. After touching that button, the ballot has been cast.

REMEMBER: You have the right to ask for assistance from a poll work during the voting process. If the poll worker is unable to resolve any machine-related problem you might have, do not cast your ballot on the machine. You can demand to vote on another machine or by paper.

Here is just a brief comment in the Summary of the findings of an independent study just examining the Diebold machines in the summer of 2006. Remember that these were ready to use and approved for use prior to this examination.

This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities—a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine’s hardware and software and the adoption of more rigorous election procedures.

Center for Information Technology Policy and Dept. of Computer Science, Princeton University
†Woodrow Wilson School of Public and International Affairs, Princeton University