Princeton prof picks up e-voting machines on the cheap
security holes than a slice of Lorraine Swiss, but it took a Princeton professor and $82 to discover just how bad the situation really is. Now, one would think that election officials would destroy their old terminals instead of selling them to the general public for practically nothing (the ~$5,000 devices are going for less than $20 apiece), yet that's exactly what Buncombe County, North Carolina did with 144 of its retired Sequoia AVC Advantages. First manufactured in the late 80's, the Advantages use old-school push buttons and lamps instead of the touchscreens found on more modern models -- and yet according to Princeton's Andrew Appel, they're actually more secure than those Diebold machines that fellow faculty member Ed Felten totally pwned several months back. Still, Appel and his students found numerous problems with these Sequoias that are still being used in parts of Colorado, New Jersey, Pennsylvania, and all across Louisiana: not only were they able to pick the machines' locks in under seven seconds, they discovered that the non-soldered ROM chips were easily replaceable, allowing a hacker-in-the-know to potentially swap them out with outcome-altering data. A Sequoia spokesperson claims that any tampering with the machines would set off an alarm at their headquarters, but Appel argues that this security precaution could easily be overridden with the right code. So this is just great: now we know that a determined individual could easily pick up still-in-use machines (for a song), reverse engineer them to figure out the security roadblocks, and then sneak into a church basement or gymnasium where many of these terminals gather dust for 364 days a year. This is a big problem, folks, and let's hope it doesn't take an election Enron for some serious changes and regulations to be enacted by the feds.