[E-voting] Nedap voting machines successfully hacked

Fergal Daly fergal at esatclear.ie
Wed Oct 4 22:54:44 IST 2006


On 04/10/06, Justin Mason <jm at jmason.org> wrote:
>
> Colm MacCarthaigh writes:
> > On Wed, Oct 04, 2006 at 06:37:02PM +0100, Justin Mason wrote:
> > > Colm MacCarthaigh writes:
> > > > On Wed, Oct 04, 2006 at 06:12:05PM +0100, Justin Mason wrote:
> > > > > I presume this is by adding new code to the *existing* NEDAP OS image, and
> > > > > burning the new image to the EEPROM?
> > > >
> > > > Nope, I think it was easier to write entirely new code. Though there are
> > > > dissaembles of the original code too.
> > >
> > > I'll bet there is.  Incredible -- that should be protected by so much
> > > anti-reversing code and crypto...
> >
> > They can't, because the code is changed slightly for each election,
> > depends on the candidates and so on.
>
> of course.  ugh, that's a nasty hole.

As long as each image is signed with the correct key it should be OK.
The signed image could include the candidates or you could just sign
the segment of data that has the executable and not care about the
candidates.

Not that I'm proposing this as a solution. Any system that checks
itself cannot be trusted (XBox checks itself but is not asking me to
trust it),

F

>
> --j.
>
> _______________________________________________
> E-voting mailing list
> E-voting at lists.stdlib.net
> http://lists.stdlib.net/mailman/listinfo/e-voting
> http://evoting.cs.may.ie/
>



More information about the E-voting mailing list