[E-voting] huge security vulnerabilities exposed

Catherine Ansbro cansbro at eircom.net
Wed May 17 13:06:14 IST 2006


Yes, the link at BBV *has a link to Hursti's technical report* which you 
can download and read for yourself.  (12-pages pdf)

Also there is a 2nd report due out later today (Hursti IIa) dealing with 
12 lesser but still serious vulnerabilities.  I expect a summary will 
appear on BBV's home page, with a link to the complete technical report.

Catherine

Justin Mason wrote:

>Michael McMahon writes:
>  
>
>>There is a very good article here:
>>http://www.theregister.com/2006/05/14/diebold_e-voting_flaw/
>>    
>>
>
>Thanks, that has a lot of info -- esp a link to this thread:
>http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/27675.html
>which in turn provides a link to the (mildly redacted) report by Harri
>Hursti: http://www.blackboxvoting.org/BBVtsxstudy.pdf .
>
>Going by that, it's an incredible failure on Diebold's part -- it appears
>the boot loader will automatically reflash itself, if presented with a
>suitably-named file on PCMCIA media, and access to the PCMCIA slot is
>protected only by a few standard Philips-head screws. wow.
>
>  
>
>>One interesting aspect is that the whistle-blower election official in
>>the state of Utah who found the problem was fired due to his
>>"unauthorized" actions.
>>
>>Cases like this show how election authorities are effectively "captured"
>>by their system suppliers. In this case, they were more worried about
>>the $40,000 cost of recertifying the equipment than whether it should or
>>could be trusted.
>>    
>>
>
>I'll bet the officials were under NDA, or similar confidentiality
>agreements?  Common practice in the computer industry, but hardly
>compatible with the public service needs of elections, in my opinion.
>
>--j.
>
>  
>
>>Michael.
>>
>>Justin Mason wrote:
>>    
>>
>>>Have you got any links to solid technical info about these
>>>vulnerabilities? This is the first remotely technical info I've heard...
>>>
>>>--j.
>>>
>>>Catherine Ansbro writes:
>>>  
>>>      
>>>
>>>>This has been breaking over the last week in the USA.  It is huge.  It 
>>>>relates to the most serious security vulnerabilities uncovered so far, 
>>>>as the result of Harri Hursti and Security Innovation's examination of 
>>>>the Diebold TSx voting machine in Emery County Utah as carried out by by 
>>>>BlackBoxVoting.org.
>>>>
>>>>The vulnerabilities are so devastating that they cannot be remedied.  
>>>>There are several levels of vulnerabilities--
>>>>
>>>>1) bootloader (this vulnerability is the most serious of all)
>>>>2) the Operating System (Windows CE)
>>>>3) software relating to the voting/counting application (we knew about 
>>>>some of these already)
>>>>
>>>>There are catastrophic hardware vulnerabilities as well.
>>>>
>>>>The only mechanisms that could be used to "clean" a compromised machine 
>>>>could also be used to reinfect it  And there's virtually no way to check 
>>>>for contamination in the first place.
>>>>
>>>>Avi Rubin, Doug Jones and others are practically shitting bricks over 
>>>>this.  (One compared it to a "nuclear bomb"; another said what they knew 
>>>>from previous reports was a 6 out of 10 but this one is a 10 out of 10.)
>>>>
>>>>There are a number of outstanding threads at BlackBoxVoting.org about 
>>>>all this, including a link to Hursti's first report which covers the 
>>>>three serious vulnerabilities mentioned above.  A second report will be 
>>>>issued tomorrow dealing with 12 more vulnerabilities which, though also 
>>>>serious, are not in the same league of seriousness or irremediability as 
>>>>the first three.
>>>>
>>>>There is obviously LOTS more to be said about this.
>>>>
>>>>*Among other things - regarding the Irish system *(which has hopefully 
>>>>bit the dust but since there's no CEV report out yet we cannot be sure).
>>>>
>>>>For example,
>>>>Did the technical team hired by the CEV have actual physical access to 
>>>>actual voting machines, preferably chosen by them at random?
>>>>Was the OS available for full code inspection?
>>>>Would their inspection have been forensic in nature, and would it have 
>>>>uncovered potential backdoors in the bootloader or elsewhere?
>>>>
>>>>Catherine
>>>>
>>>>
>>>>
>>>>
>>>>_______________________________________________
>>>>E-voting mailing list
>>>>E-voting at lists.stdlib.net
>>>>http://lists.stdlib.net/mailman/listinfo/e-voting
>>>>http://evoting.cs.may.ie/
>>>>    
>>>>        
>>>>
>>>_______________________________________________
>>>E-voting mailing list
>>>E-voting at lists.stdlib.net
>>>http://lists.stdlib.net/mailman/listinfo/e-voting
>>>http://evoting.cs.may.ie/
>>>
>>>      
>>>
>
>
>
>  
>




More information about the E-voting mailing list