California white hat hackers: 3, Diebold and friends: 0
In a move which will bolster your undoubtedly high sensations of "faith" in the US voting process, a group of University of California researchers have just hacked their way through security on nearly every voting machine certified by the state of California. According to Secretary of State Debra Bowen, who initiated these tests, the team was able to "bypass physical and software security in every machine they tested." The group, which was sanctioned by the state, was given full access to the machines, as well as their source code and manuals, leaving some to argue that the test doesn't accurately depict how vulnerable the machines are -- because we all know how hard it is for hackers to get their hands on that kind of stuff. The report will affect whether or not Bowen approves the systems for use throughout California in its upcoming presidential primaries. It looks like 2008 is going to be an exciting year, to say the least.
[Via The Raw Feed]
Reader Comments (Page 1 of 1)
Abe @ Jul 29th 2007 8:17PM
You're on to something there. Watch out for Ralph Nader.
keton @ Jul 29th 2007 6:05PM
Rig them for Obama, he's cooooooooool
Neebs @ Jul 29th 2007 6:38PM
Kind of like a GameFAQs character battle, yes?
michael @ Jul 29th 2007 6:48PM
Are you trying to start something here?
Jason @ Jul 29th 2007 7:10PM
Gotta agree with Chris. Vote fraud tends to be one sided.
Eric @ Jul 29th 2007 7:40PM
Hey locksmith, here is the lock, all the parts, completely diagrammed and oh, here is the key.
Your challenge is to open the safe.
*Click*
Well, that was quick...
Alexander @ Jul 29th 2007 9:41PM
The point was that these things are supposed to be UNBREAKABLE. The issue is with the 'security' or lack of it in these units.
Even if you take out the source code--the machines are still extremely vulnerable to physical attacks, and then the source doesn't matter. Another program is running on the machine, that looks legit. People won't know, because it's a private ballot, and there is no paper trail to prove it one way or the other.
Fool Proof Solution:
Checking in would require a state-issued photo ID as well as your SS card. You would sign a book, and you would swipe your photo ID and social security card through a scanner which would be used to calculate a key-pair of 1024-bits as well as taking a picture of each one. This would be stored onto a smart-card which would be loaded into the machine when you went up to vote.
The actual unit would have no physical buttons, only a touch screen. You start by putting the smart-card into the slot, and then it would take your picture with a camera that is on the top of the unit. It would then check the picture against your stored photo from your state ID on the smart-card. Then you are validated, and allowed to vote. Your new picture is then stored and is added into the data that will be sent out and written to on your ballot later. It would be uploaded and would be checked again next vote. You would then pick your language, and then proceed.
Voting would be picture based, with the names printed large enough for even the blindest person to read. I don't think this needs to be elaborated further.
Your vote is printed out on a tape reel that is inside the unit, with a physical paper punch and thermal/laser printer on the same paper. It is encoded with your social security number present, as well as your picture at the poll booth, and your signature, and your state ID. The paper print out would be inside canisters similar to photo-booths as there doesn't need to be any human-readable data. It can be very small, and one canister could hold thousands of votes. The paper would have the punched data on one side, and the laser print on the other.
The unit would be filled up with epoxy resin to resist physical attacks, and have a suicide kill switch that would erase all program memory and CPU instructions if it detects that the unit is being disassembled--except for the paper-canister, that is. The units would be connected via wireless/wired to an AP that would be using encryption as well as MAC filtering which would tally the votes and would be guarded by an armed guard. The computerized count would be verified by the paper ballots--both the paper punch and the printed--and then would be checked by the person who voted online at some other location.
4 checks:
1. Sign-in check (valid ID and SS)
2. photo at booth validate previous ID and SS
3. encrypted paper and physical punch, as well as computer storage
4. Online by yourself, after your vote has been tallied.
The physical attacks are really the only attacks that can't ever be prevented: It came together, it must come apart somehow. We can only minimize the usefulness of the hardware after the breach.
Andrew @ Jul 30th 2007 3:18AM
I think I'm going to stick to paper. With a paper trail. Nice concept, but I'm not going to spend more than 15 minutes in that booth. And sorry, 5 hours to do all that crap, as well as a follow up, are not under the 15 minute deadline.
peshue @ Jul 29th 2007 8:17PM
So if you give people access to where the votes are kept, in this case a computer, they can mess with them. Isn't this the same flaw the voting system has had forever?
dx @ Jul 29th 2007 9:00PM
You are so very right. Voter fraud has been a problem for a long time now. Only engadget would have you believe that it's been a problem since "Diebold and friends" (read: Republicans) have been involved.
Correct me if I'm wrong... didn't the US voter recently elect a Democratic (read: "white hats") MAJORITY in Congress and the Senate using Diebold voting machines? So either this is not as big a problem as engadget is leading us to believe OR the Democrats reprogrammed those Diebold machines (read: cheated).
Also important... notice how engadget only reports the electronic voting fraud when the Democratic candidate loses??? Go back and read, it's very amusing.
And by-the-way, before you call me names, this comes from someone who a majority of the time votes for the Democratic party.
jbcaro @ Jul 29th 2007 8:36PM
Weren't Washington and Adams of the Federalist party and not the Independent party?
j
Juaquin @ Jul 29th 2007 8:58PM
Maybe the program can only accept a party from a list, not just any text string. Sure, that could be hacked too, but it's just a proof of concept. I think that this is an accurate test - sure they had documentation, but if someone really wanted to rig an election I'm sure they're in a position where they could get this information as well.
anon @ Jul 29th 2007 9:10PM
Except that for Superman and Batman it shows DC Comics.
Juaquin @ Jul 29th 2007 9:01PM
I think we'd be better off if the machine recording the votes was kept back from individual booths, and just have the booths be a dumb terminal to interact with. Just like you can take your individual ballot back with you, but the box where all the votes are is kept in a place where tampering would be evident, with people watching it. Might make things a little bit more secure.
Steve @ Jul 29th 2007 9:06PM
I would have said it was completely the other way around. Are you saying that Karl Rove is above rigging elections and hasn't done it before? Do you really think that most people involved with high tech and would be capable are Republicans?
ypod @ Jul 30th 2007 8:50AM
Dude, never forget these famous words:
"A common mistake that people
make when trying to design something
completely foolproof is to underestimate
the ingenuity of complete fools."
Douglas Adams (R.I.P.)
Chuckles McGee @ Jul 29th 2007 9:44PM
President Superman might be able to leap the capitol building in a single bound, but President Evil promises tax cuts of...100 billion dollars!
SiLo @ Jul 29th 2007 10:26PM
I agree that this really /isn't/ a realistic "hacker test." As a "hacker"/reverse engineer myself I can attest that most of the time you aren't given half of this. You're given said piece of equipment/software and are told to use your tools and given whatever (if any) information past efforts have yielded and you go from there.
While I am sure hardware and software reverse engineering are different to an extent (tangible vs intangible, physics vs code, etc), the base principle and process is the same: test, record, test, record, compare, make hypothesis, test, record, compare, test hypothesis, form new ones, repeat. You follow the scientific method over and over until you get some test data that matches your hypothesis nearly every time.
Anyhow, the point is that they were given a ton of information that "real life" cases would not. The source code? LOL, that would make the job TONS easier for any rever.
James @ Jul 30th 2007 4:21AM
Silo, normally you would be right, except that you can apparently buy a fully-functional voting machine on eBay: http://www.votetrustusa.org/index.php?option=com_content&task=view&id=1673&Itemid=51
I'm sure the enterprising hacker could pull the executable out of memory and at least have a disassembly to work with, which is more than enough for the average motivated college kid to crack Securom, so why not rig the machine?
coffeepot64 @ Jul 29th 2007 10:37PM
Alexander, have you ever voted? Half the things you mention are already in place. And what good would it do to take our picture so often? The votes are anonymous and the picture doesn't say who you voted for, it's still totally hackable.
Steve @ Jul 29th 2007 11:02PM
I hope that this isn't used by evildoers to hurt Dennis Kucinich with his campaign. Go Dennis Go!
l2k @ Jul 29th 2007 11:06PM
How about this? I know it sounds novel. I might have said it before:
No touch screens, no machines. Paper ballot. X marks the choice. Election judges, actual humans, count the paper ballots. Paper trail is now intact. No one can hack enough election judges to make a real difference unless the election is remarkably close. Takes a little bit longer to tally results, but has infinitely more integrity.
BigD145 @ Jul 29th 2007 11:18PM
Paper ballots. Paper ballots! Argh!!
It really doesn't take much longer. Not to mention the fact that we have until JANUARY to count and verify.
mosh @ Jul 29th 2007 11:45PM
must be opposite day
Tachion @ Jul 30th 2007 12:52AM
This is pathetic.
My bank has Diebold ATMs that work flawlessly and as far as I know have never been hacked. You'd think they'd be able to have at least the same level of security on a voting machine.
James @ Jul 30th 2007 4:45AM
Absolutely 100% true. The problem is not that electronic voting is so hard, it's that the voting-machine companies have their arms tied behind their backs by states unwilling to get on board with a genuinely secure national ID card (OK, and the fact that most states are so willing to allow a black box/"closed" system to be installed after iffy testing by unknown "independent" labs).
Without a way of making sure you're who you say you are, it's basically impossible to be sure your vote is being recorded properly. When you go to an ATM, it checks something you have (your card) against something you know (your PIN), then has a conversation with a centralized recording system in real-time to report your transaction, and gives you a receipt detailing what the machine thinks you did so you can report any errors. The only thing stopping us from having a system like this for voting -- central database matching your name, SSN, and photo to a nationally-recognized ID card -- is politics (and complacency that the current shoddy system is "not so bad").
To reiterate:
1.) Set up a national photo ID that is difficult to duplicate (physically). Allow the voter to pick a PIN when they get the ID. The process should be exactly like getting an ATM card, except of course you need proof of citizenship and residency to get it.
2.) Create and secure (!) state-level databases of who has voted, with a *separate* database to record the actual votes. There are industry standard protocols for making sure that the two databases cannot fall out of sync.
3.) Create a paper receipt, with the voter getting the printed copy while a carbon is stored internally. Clearly print the name of each candidate voted for. Use physical carbon paper (not two separate printouts) so that even if the machine is hacked, it's impossible to make the internal copy not match the external one.
4.) The only way to interact with the machine should be the ATM-standard keypad plus 4-8 buttons. I shouldn't even have to type this, but no administrative software should even reside on the machine. It should use write-once memory (PROMs, not EEPROM or other writable stuff) and be rebooted frequently and randomly by election workers, perhaps even between each vote. This way, any changes a hacker could make are discarded immediately prior to a vote being cast.
Whew, I didn't expect to rant that much. Thing is, I think good security isn't that hard, it's just a matter of thinking through all the variables and designing something that works. There's plenty of think-tanks out there willing to help with design, if anybody is willing to listen.
Duncan @ Jul 30th 2007 1:36AM
The story of "Mikah the hero" comes true...
SiLo @ Jul 30th 2007 8:53AM
James, I agree that having the device and pulling the "firmware" directly off of it and having it in machine code (assembly or whatever it may be) would be quite helpful although still a bit complicated. Sometimes the source compiles into strange assembly (depends on compiler) or sometimes companies purposely add "seemingly useless" code to obfuscate their code in assembly for the sake of anti-reversing (however, I doubt Diebold would do such a thing).
I was assuming they meant "source code" as in C/C++ or whatever high-level language they used. Of course, it is (usually) always possible to get the source code by extracting it from ROM or whatever they have stored it on to (I sure hope it isn't some IDE/SATA hard drive).
I am not defending Diebold in ANY way, shape, or form because I know they are pretty terrible developers. Their original system was hacked and their FTP site hacked as well so the hackers got their software they use to read the ballots and it was discovered that they were no more than glorified MS Access databases. No security whatsoever.
All I am trying to say is that this test is really not accurate to what would be given. Sure, the hackers could get a voting machine, work on hacking it in time for the elections and go from there.
M. Simon @ Jul 30th 2007 12:58PM
I remember listening to the Elections in Omaha in 1960. I listened to WLS. A bunch of ballot boxes were lost. Then - a miracle - they were found. Chicago was "owned" by the Kennedy family at the time. Well, I hated Nixon. No biggie.
Testing with all the source is not a bad idea - it saves time - and it represents the worst case. Otherwise it just takes longer, but the outcome is not in doubt.
I like paper. Electronic counting is fine. In fact two counts by machines from different vendors is even better. Plus there is always the opportunity for a human count. ID is also a good idea. Nothing is fool proof. Too many fools.
Dasher @ Jul 30th 2007 1:45PM
The problem with electronic voting machines is the lack of a paper trail. Therefore no effective recount is possible.
Voting machines can be hacked before they arrive at the voting place. And who would know. Machines can be hacked to randomly switch a certain number of votes.
The machines are only the tip of the iceberg. What is really needed is a requirement to prove citizenship at time of registration. i.e. Birth certificate or passport. Only with a verified registration would a driver's license work to connect the two together. Proof of residency. And a means to determine voters registered in more than one state, a way to remove those who have passed away from voter rolls.
Since Democrats have always objected to any form of verification, it is obvious what side of the security problem they are on.
Jeff @ Jul 30th 2007 2:08PM
The issue is not verification of voter records or even encryption of the voting data. These are both necessary things, but the real issue is that hackers have the ability to download THEIR OWN version of code to run on the evoting computer. Once you can do this, you invalidate everything else.
How do you solve this problem? Use a secure hardware solution that verifies that downloaded code is encrypted and signed with the correct key. If it isn't, it doesn't run.
You can publish the manuals, source code, encryption method, give access to the entire machine -- in other words be totally open to everyone for hacking. Yet, if they don't have the correct code signing key, nothing will happen. Make the encryption method and key strong enough so that the lifespan of this encryption using current computers is greater than the usefulness of the information -- in other words about 6 months.
l2k @ Jul 30th 2007 10:05PM
National ID card that one has to swipe to vote? What happened to secret ballots? And don't give me any BS answer about data encryption and protection. If the data's there, it's there. Subversion of the secret ballot. Sorry, no good.
Now, before you cast your secret ballot, should you need to register? Well, of course. Should there be a way to verify that you are not only a resident of your district but also a citizen of the US? Yup. Is there today? Nope. Do you need a national ID Card to do this? Not even close. You need political will to do it, not a new card system.
My state uses fill in the circle paper ballots which are counted by machine. This is an acceptable compromise in my eyes, because it leaves a paper trail of "X" marks the vote ballots that can be Human counted, if there is a challenge.
I'd still rather see ballots counted by hand. Not just for the integrity it can add to the process, but it is a way for people to actually be involved in the political process that rules the nation rather than the trend of being further and further disconnected from it as our "push button" society continues its seemingly ceaseless march. This is important enough stuff for us to stop and take time out for. In fact, I'd even be in favor of making the day of national elections a national holiday. Let's honor how much choice we have rather than neglecting it and losing it and handing control of it to a small group of faceless politicians and corporate technologists.
the constant skeptic @ Jul 30th 2007 10:40PM
guys guys.... you're forgetting that electronic voting means it is easier to fix the election... it is a win win for both sides (since they are sides of the same coin that is the illuminati, world bank, imf, council of foreign relations, NATO, UN, new world order types coin that is ruling our world through manipulation of our reality).
this post was probably one of those subtle manipulations, to flush out the hacks who might actually try to make the elections fair.
why do you think they still have the antiquated 'electoral college' system? as a backup so people like gore do not get in (not that I am complaining about that one)
zombie gursha @ Jul 31st 2007 9:18AM
The Dems will always accuse the Republicans of cheating whenever they lose. They keep bringing up the cheating in the two elections that Bush won. Nothing has ever been proven.
The first election that Bush won was the result of the Democrats' strategy of winning "key" states while excluding the others. Look back at the states that Gore won. Look at the vote total of the states that he won. He won those states in a landslide. That was really all he needed, plus his home state of Tennessee.
This way Gore could have won the "key" states plus his home state. He would have won the election no matter how far behind he was in the popular vote.
In looking at the county by county vote and the allocation of Democrat votes to Pat Buchanan, I looked at a county by county analysis and found no statistical variations.
If you go back and look at the data you will notice that Pat Buchanan did receive significantly higher vote totals in several counties, but you will also note that those counties had significantly higher populations.
In the second election that Bush won, the Dems turned to the state of Ohio. They had accusations of massive voter fraud in Ohio even before the polls were closed. Again nothing was ever proven.
Thanks
j.nc @ Jul 31st 2007 11:39PM
Any... _Any_ device once out in another's hands is hackable. Locks, Safes, PCs, Car ignitions, etc. Why a voting machine would be any different is beyond me. No news here. Move along.