[E-voting] Nedap voting machines successfully hacked

Justin Mason jm at jmason.org
Wed Oct 4 18:12:05 IST 2006 

Colm MacCarthaigh writes:
> As we knew already, the machines run on m64k processors, and it's
> relatively easy to reverse engineer what all of the registers and inputs
> correspond to. The dutch group were able to successfull assemble code to
> run on the machine, and even burn it on the very eeprom that comes in
> the machine. They produced two main demonstrations;
> 
> 	1. A rigged election. "confirm" the checksum, accept votes, but
> 	   to then misrecord the votes at the end of the day. The code even
> 	   includes some clever routines to determine if it's being
> 	   tested. It makes sure the votes were input reasonably 
> 	   randomly and over the course of a few hours. It would not be
> 	   detected in any of the routine tests.

wow! 

I presume this is by adding new code to the *existing* NEDAP OS image, and
burning the new image to the EEPROM?

Does this mean there isn't even any XBox-style BIOS-based cryptographic
verification of the EEPROM's contents?  That seems to be a major oversight
in tamperproofing.

--j.

> 	2. A chess program. Apparantly one of the vendors involved 
> 	   claimed that if voting machines were really computers, he'd
>    	   love to see them playing chess. So, they glued a paper chess
> 	   board to the machines inputs, put magnets on some chess
> 	   pieces and then compield up some chess libraries to run on
> 	   the machine. It even detects the moves automatically, and
> 	   can accurately tell if you've moved the pieces correctly
> 	   for its own move.
> 
> Tha twas two weeks ago, they may well have done even more cool stuff 
> since then :-)
> 
> >>From our point of view, it's important to realise that these things are
> basically undetectable, everything looks the same externally. So only
> the very dodgy seals are our proection against this. Also having seen it
> myself, I have every reason to believe that this is all entirely
> compatible with the Irish machines, there are no significant
> differences.
> 
> I think this is definitely a major opportunity for a press release, both
> to help our Dutch friends with some international support and to give us
> another opportunity to point out that the conclusions of the CEVs report
> actually did suggest many major and costly changes to this completely
> untennable system.
> 
> I'm going to ring RTE's european affaris correspondent (I have his
> mobile) to see if they'll go to the press conference in Amsterdam
> tomorrow. I'm just waiting on the location and time details on the
> conference itself :-)
> 
> Anyway, what say ICTE? time for one more Press release? Tonight is
> possibly a good time for it. Anyone willing to be quoted? I'll do up a
> first draft anyhoo!
> 
> -- 
> Colm MacCárthaigh                        Public Key: colm+pgp at stdlib.net
> 
> _______________________________________________
> E-voting mailing list
> E-voting at lists.stdlib.net
> http://lists.stdlib.net/mailman/listinfo/e-voting
> http://evoting.cs.may.ie/

More information about the E-voting mailing list