[RandiRhodes] GROUP: 'Vote counts can be changed with the flip of a a switch'

[Guest guest]

" Stevo " <blue_meanie_9

Mon, 31 Jul 2006 14:45:05 -0700 (PDT)

[RandiRhodes] GROUP: 'Vote counts can be changed with the

flip of a a switch'

 

 

 

 

Group identifies new flaws in Diebold evoting machines

RAW STORY

Published: Monday July 31, 2006

 

 

 

GROUP: 'Vote counts can be changed with the flip of a a switch'

The Open Voting Foundation, a California-based nonprofit

organization that works to promote the adoption of " open source "

technology to the nation's voting machines, has announced it has found

what it calls the " worst ever security flow found in Diebold RS voting

machines. "

The Foundation claims to have discovered a switch inside of the

machine which, when flipped, can have the machine operate in " a

completely different manner compared to the tested and certified version. "

" Diebold has made the testing and certification process

practically irrelevant, " said the Foundation's President Alan Descert,

in a statement obtained by RAW STORY. " If you have access to these

machines and you want to rig an election, anything is possible with

the Diebold TS -- and it could be done without leaving a trace. All

you need is a screwdriver, " he continued.

Technical specifications of the report may be read in the

statement, an excerpt from which follows:

#

Open Voting Foundation is releasing 22 high-resolution close up

pictures of the system. This picture, in particular, shows a “BOOT

AREA CONFIGURATION†chart painted on the system board.

The most serious issue is the ability to choose between " EPROM " and

" FLASH " boot configurations. Both of these memory sources are present.

All of the switches in question (JP2, JP3, JP8, SW2 and SW4) are

physically present on the board. It is clear that this system can ship

with live boot profiles in two locations, and switching back and forth

could change literally everything regarding how the machine works and

counts votes. This could be done before or after the so-called " Logic

And Accuracy Tests " .

A third possible profile could be field-added in minutes and

selected in the " external flash " memory location, the interface for

which is present on the motherboard.

This is not a minor variation from the previously documented attack

point on the newer Diebold TSx. To its credit, the TSx can only

contain one boot profile at a time. Diebold has ensured that it is

extremely difficult to confirm what code is in a TSx (or TS) at any

one time but it is at least theoretically possible to do so. But in

the TS, a completely legal and certified set of files can be instantly

overridden and illegal uncertified code be made dominant in the

system, and then this situation can be reversed leaving the legal code

dominant again in a matter of minutes.

These findings underscore the need for open testing and

certification. There is no way such a security vulnerability should be

allowed. These systems should be recalled

http://www.rawstory.com/news/2006/Voring_machine_grup_identifies_new_flaws_0731.\

html