SecurityFlaws
Latest
Sprint issues OTA fix for HTC Android handset vulnerability
Earlier this month, we found out that after a software update HTC's Android handsets had a serious security flaw -- any app could gain access to user data, including recent GPS locations, SMS data, phone numbers, and system logs. To its credit, HTC responded quickly to the security issue, and now an OTA update with the fix is going out to those on the Now Network. Sprint users with an EVO 4G, 3D, Shift 4G, Design 4G or View 4G can get the download, as can Wildfire S owners. The patch available now for a manual download, and more info on the fix can be found at the source below. [Thanks, Korey]
Researchers show Diebold voting machines unsecure, citizens shocked
We're all for hacking stuff, generally, but hacking democracy for malicious purposes is just plain uncool. While no one's definitively proven that such a scenario has ever actually happened in real elections, vote-hacking remains a distinct possibility, given the state of our electronic voting equipment. If you were unconvinced the last time we covered this, of just how shoddy these Diebold voting machines are, here's another arrow in our quiver: Princeton University researchers have taken apart a Diebold machine, examined it from every angle, written a new paper on its flaws and have come to the following conclusions: 1) Malicious code "can steal votes with little if any risk of detection." 2) Said code can be installed in one minute or less. 3) The Dieblod machines run Windows CE 3.0 -- so, they're susceptible to viruses. 4) Some problems would require the entire replacing of hardware, yet another security risk. Still though, we would love to see a debate between the two candidates in this fictitious election: George Washington and Benedict Arnold.[Via Boing Boing]
Diebold Voting Machine hacked in four minutes flat
It's an old adage in politics that you need truckloads of money to get elected. Apparently you can now buy an election for what you'd spend in a few days on cups of coffee. Black Box Voting found that given $12 in tools, four minutes, and a little determination, you can access a Diebold voting machine's memory card, remove and replace it without a trace. This new development really isn't all that surprising given that it's been shown that these machines can be hacked in more than one way, even by monkeys. Concerned citizens, just switch to absentee paper ballots from now on -- it may be low-tech, but it's a hell of a lot more secure going the "old-fashioned" way.[Via Slashdot]
More security woes for Diebold
It's no secret that Diebold's electronic voting gear is, um, a little lax in the security department, and now a non-profit group known as the Open Voting Foundation has found "what may be the worst security flaw we have [ever] seen in touch screen voting machines" in the company's older TS model. Apparently these devices -- which produce no paper record of voters' choices -- contain a switch on the internal motherboard (pictured above, with handy onboard instructions) that would allow nefarious hackers to toggle between the two pre-installed boot profiles and "change literally everything regarding how the machine works and counts votes." Even worse, the board also sports a slot for external flash memory from which a third profile could be "field-added in minutes," allowing unsavory characters to overwrite certified files with their own data before switching the machine back to its unaltered state -- with no one the wiser. It looks like Diebold has two options for addressing this nagging problem: either they can open up their machines and source code to a thorough external audit and adopt the resulting suggestions (unlikely), or they can take the simpler route and just get their friends in Washington make it illegal for rabble-rousers like the Open Voting Foundation to play with their toys.[Via The Register]
