Princeton Researchers: Diebold Electronic Voting Machines Are Highly VulnerableTweet
September 14, 2006
Bottom line: The integrity of elections may be highly suspect where Diebold electronic voting machines are used, because, according to a team of Princeton University researchers who released a paper yesterday, these machines are extremely vulnerable to manipulation. (hat tip: BeSpacific)
Diebold rebutted the researcher's report last night in a statement. They argue that the machine and software the researchers examined is no longer used and that "normal security measures were ignored."
A link to the paper "Security Analysis of the Diebold AccuVote-TS Voting Machine" (pdf) by Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten.
This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities � a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine's hardware and software and the adoption of more rigorous election procedures.
1. Malicious software running on a single voting machine can steal votes with little if any risk of detection. The malicious software can modify all of the records, audit logs, and counters kept by the voting machine, so that even careful forensic examination of these records will find nothing amiss. We have constructed demonstration software that carries out this vote-stealing attack.
2. Anyone who has physical access to a voting machine, or to a memory card that will later be inserted into a machine, can install said malicious software using a simple method that takes as little as one minute. In practice, poll workers and others often have unsupervised access to the machines.
3. AccuVote-TS machines are susceptible to voting-machine viruses � computer viruses that can spread malicious software automatically and invisibly from machine to machine during normal pre- and post-election activity. We have constructed a demonstration virus that spreads in this way, installing our demonstration vote-stealing program on every machine it infects.
4. While some of these problems can be eliminated by improving Diebold's software, others cannot be remedied without replacing the machines' hardware. Changes to election procedures would also be required to ensure security.
Director of Investigations, POGO
Authors: Nick Schwellenbach