It is currently Sat Oct 25, 2014 3:33 am

All times are UTC - 4 hours [ DST ]




Post new topic Reply to topic  [ 2 posts ] 
Author Message
 Post subject: “Hotel Minibar” Keys Open Diebold Voting Machines
PostPosted: Tue Sep 19, 2006 7:30 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Sat May 29, 2004 11:46 pm
Posts: 14444
Location: NC
“Hotel Minibar” Keys Open Diebold Voting Machines


Like other computer scientists who have studied Diebold voting machines, we were surprised at the apparent carelessness of Diebold’s security design. It can be hard to convey this to nonexperts, because the examples are technical. To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered on removable storage are rookie mistakes; but nonexperts have trouble appreciating this. Here is an example that anybody, expert or not, can appreciate:

The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.

On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.

This seemed like a freakish coincidence — until we learned how common these keys are.

Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.

Using such a standard key doesn’t provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold’s use of encryption — they can say they use encryption, but they use it in a way that neutralizes its security benefits.


LINK TO STORY

Catherine

_________________
Image

"Behind every great fortune lies a great crime."
Honore de Balzac

"Democrats work to help people who need help.
That other party, they work for people who don't need help.
That's all there is to it."

~Harry S. Truman


Top
 Profile  
 
 Post subject:
PostPosted: Fri Sep 22, 2006 3:01 am 
Offline
Site Admin
Site Admin
User avatar

Joined: Sat May 29, 2004 11:46 pm
Posts: 14444
Location: NC
New RFK Jr. article will explore if 2006 election can be hacked


In the upcoming issue of Rolling Stone, environmental lawyer Robert F. Kennedy Jr., along with award-winning writer Dick Russell, deepens his investigation into America's electoral process, according to a press release received by RAW STORY.

"Following the debacle of the 2000 presidential election, touch-screen voting machines promised to make voting as easy and reliable as withdrawing cash from an ATM," the press release states. "In 2002, privately owned Diebold, the world’s third-largest seller of ATMs, was awarded a contract to install 19,000 voting machines across the state of Georgia even though its bid was the highest among nine competing vendors, and it had only recently completed its acquisition of Global Election Systems (a voting-machine firm that owned the technology Diebold was promising to sell Georgia)."

"But as November's high-stakes midterm elections approach, electronic voting machines are making things worse instead of better," according to the press release. "Studies have demonstrated that hackers can easily rig the technology to fix an election – and across the country this year, faulty equipment and lax security have repeatedly undermined election primaries."

In the article, Kennedy interviews former Diebold consultant, Chris Hood, who "reveals to what extent our right to vote is at risk."

Excerpts from the article, which will be online tomorrow at Rollingstone.com:

ARE HERE

_________________
Image

"Behind every great fortune lies a great crime."
Honore de Balzac

"Democrats work to help people who need help.
That other party, they work for people who don't need help.
That's all there is to it."

~Harry S. Truman


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 2 posts ] 

All times are UTC - 4 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
Blue Moon by Trent © 2007
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group