Wednesday, July 27, 2005

Multiple vulnerabilities in Diebold Optical Scan

A post by Bruce O'Dell in Risks Digest summarizes the results of a demonstration of many ways to hack election results in one of the most widely-used optical scan vote counters.
"Exploits available with this design include, but are not limited to:

1) Paper trail falsification - Ability to modify the election results reports so that they do not match the actual vote data

1.1) Production of false optical scan reports to facilitate checks and balances (matching the optical scan report to the central tabulator report), in order to conceal attacks like redistribution of the votes or Trojan horse scripts such as those designed by Dr. Herbert Thompson.

1.2) An ingenious exploit presents itself, for a single memory card to mimic votes from many precincts at once while transmitting votes to the central tabulator. The paper trail falsification methods in this report will hide evidence of out-of-place information from the optical scan report if that attack is used.

2) Removal of information about pre-loaded votes

2.1) Ability to hide pre-loaded votes

2.2) Ability to hide a pre-arranged integer overflow

3) Ability to program conditional behavior based on time/date, number of votes counted, and many other hidden triggers.

Labels: , ,


Post a Comment