UPDATED: Hacking The Diebold AccuVote-TS To Steal Votes, Infect Other Machines And Not Leave A Trace

Published on September 18th, 2006

We’ve done other stories on the vulnerabilities of electronic voting machines and specifically rigging this machine, but now we have a Princeton research project showing that it almost seems like it was designed with rigging in mind. On their web site they have a full technical paper on how this works. Now go out and vote!

This paper presents a fully independent security study of a Diebold AccuVote-TS voting machine, including its hardware and software. We obtained the machine from a private party. Analysis of the machine, in light of real election procedures, shows that it is vulnerable to extremely serious attacks. For example, an attacker who gets physical access to a machine or its removable memory card for as little as one minute could install malicious code; malicious code on a machine could steal votes undetectably, modifying all records, logs, and counters to be consistent with the fraudulent vote count it creates. An attacker could also create malicious code that spreads automatically and silently from machine to machine during normal election activities — a voting-machine virus. We have constructed working demonstrations of these attacks in our lab. Mitigating these threats will require changes to the voting machine’s hardware and software and the adoption of more rigorous election procedures.

A Diebold exec says the machine they tested had two year old software. It’s much better now. Then I wonder if would be willing to let the latest version be tested.

UPDATE: This just keeps getting better! Now it’s reported that a standard hotel minibar key will open the memory card slot door.

23 users responded in " UPDATED: Hacking The Diebold AccuVote-TS To Steal Votes, Infect Other Machines And Not Leave A Trace "

Subscribe to this post comment rss or trackback url

# 1 0113addiv said, on September 18th, 2006 at 4:58 am

Civilization is going to end by the hand of someone like a Bush (and party) using technology that is only in the hands of the powerful. With nanotechnology coming the world is at the mercy of the ones with the resources to procure these weapons for world domination. All it takes is another Hitler who can seduce America by nationalism. Throw away your U.S.A flags. Don’t trust in a symbol. Don’t trust in a cloth. The diabolical will use the flag, as they have, to enslave you even further. That is why they are getting closer to passing a law to ban American flag burning. The day that law is passed is the day the 4th Reich will be born. BEWARE.

# 2 Mister Mustard said, on September 18th, 2006 at 5:00 am

Hey, with the ‘06 and ‘08 elections coming up, the Repubs have to do SOMETHING to insure they don’t take a drubbing.

# 3 Murdoch said, on September 18th, 2006 at 5:11 am

Horrific, if not that surprising given the long-understood problems with Diebold stuff and its cavalier disregard for accountability. Although the company is notorious as being rabidly Republican-supporting it’s to be hoped that ethical Republicans will help to ensure that Diebold machines are simply not allowed in any public voting environment until they’ve been satisfactorily vetted by skilled, independent observers. Putting the boot into this contemptible company goes beyond partisan politics and is a public duty for anyone concerned about ensuring proper democracy and public participation.

# 4 Improbus said, on September 18th, 2006 at 6:50 am

I feel the urge to volunteer to be a poll worker coming on. All votes to the Pirate Party! Yarrrrrr!

# 5 Davick said, on September 18th, 2006 at 9:13 am

Kripes!

This is our democracy!

Why shouldn’t independant institutions be encouraged to crack this stuff? My county should order a dozen extra machines and send the to tech schools just for this purpose.

# 6 Suzie said, on September 18th, 2006 at 12:13 pm

Don’t obsess over just the machine, lol! We in Maryland recently had primaries for Governor and other state offices, and the entire porcess was a fiasco lol! It’s not just the machines, trust me, lol!

# 7 Pfkad said, on September 18th, 2006 at 12:48 pm

I’ve believed for some time that the entire campaign process is designed to keep people of reason away from the polls. Make politics as distasteful as possible and maybe only the one issue, knee-jerk, talk show radio listeners will show up to vote — it makes campaigning so much easier if you don’t have to deal with thoughtful people. It seems these voting machines are a logical extension of my hypothesis: Go ahead and vote, we won’t count it anyway! Nyah, nyah! The political process in this country disgusts me.

# 8 Mike said, on September 18th, 2006 at 12:58 pm

There has been voter fraud for as long as there have been elections. We are to believe that this will change somehow now that we have technology?

# 9 AB CD said, on September 18th, 2006 at 1:17 pm

Not sure why Diebold is the target. Are they the only ones making computer touch screen voting machines? If they are the ones, then I’m really confused why the Democrats would push so hard after the 2000 election to enrich Diebold, a Republican company..

# 10 Matthew said, on September 18th, 2006 at 1:43 pm

If you want to prove that elections are riggable, theres no better way than to do it to an real election. Munge it so tbad that hat the count is so obviosly flawed that even a recount won’t work.

# 11 ZeOverMind said, on September 18th, 2006 at 3:13 pm

Why don’t they design voting machines that print up two hardcopies of the Voter’s ballot? One hardcopy/ballot could be printed up and given to the voter to make sure that the ballot accurately reflects the voter’s choices.before being submitted official tabulation. A barcode could be printed on the ballot which would list all the candidates and/or issues that were selected by the voter to speed machine recounts, To further authenticate the ballot you could optionally have the voter sign the printed ballot verifying that the ballot submitted accurately reflects the voter’s preferences. (I know there are some issues about anonymity, but it seems that when the punch card system of ballots were being examined in florida during the 2000 election, there were substantial questions about divining “voter intent” on each ballot. Making the voter sign the ballot to verify his/her votes makes the voter accountable for accuracy.) At the same time as the voter’s ballot is also printed; a second identical record with barcode would be printed and spooled inside the machine under lock and key to leave a backup paper trail of all electronically tabulated votes. I think this system would allow a quick reporting of all electronic tabulation of votes and if there are any contested races or issues in an election, a ballot that is both human and machine readable is available for recount and a second hardcopy inside each machine is available for verifying any tampering of the machine itself.

The key of course is to leave a paper trail and not solely relying upon electronic record keeping. I don’t understand why this is such a difficult issue to resolve.

# 12 AB CD said, on September 18th, 2006 at 3:36 pm

Yeah it’s fairly simple, except for that pesky little anonymity part. We do have a secret ballot here, so having voters sign each ballot doesn’t work. In some places, they produce a computer ballot, which the voter then drops in another machine that tallies the votes. Seems simple enough. Or they could just use paper ballots. A hand count wouldn’t take that long. And with today’s scanning software, a computer counter could be used as well.

The only bright side I see in implementing these touch screen voting machines is that it took away the left’s enthusiasm for internet voting, I hope.

# 13 ECA said, on September 18th, 2006 at 4:49 pm

AND,
This machine costs HOW MUCH???
dont have checksum protections??
Ram Evaluations??
Data evaluation??

# 14 Mark T. said, on September 18th, 2006 at 5:27 pm

Hmmm, sounds like not matter who wins the next election that we will have another disputed election result on our hands. This time it won’t be accusations of hanging chads but of hacked bits. We will be back to cries of how the election was stolen and add to the general distrust of the electoral process.

There is no perfect solution. But, I agree with Davick, they should let C.S. grad students across the country have at these machines and let them find the vulnerabilities. Make a challenge out of it and they will find the flaws and new ways to make it truly secure.

# 15 Smith said, on September 18th, 2006 at 5:58 pm

The entire electronic voting system was created because the Democrats turned Florida ballot-counting into a fiasco. How typical that the liberals would then blame computer voting problems on Republicans.

How is it possible for anyone, who hasn’t been in a coma for the last fifteen years, to not see that computer voting booths are a hacker’s dream? I swear to God, the representatives from blue states are braindead. And the representatives from red states are gutless for refusing to stand against the idiocy insisted upon by the braindead.

# 16 ArianeB said, on September 18th, 2006 at 6:19 pm

I agree with #11

There is another company that maked voting machines that do just that, print out a paper copy that the voter can see to check. It is not necessary to have the person sign their ballot, just give people the ability to view their ballot before they put it in the traditional ballot box.

If one or two say their ballot is wrong and they made a mistake (it happens), they can correct it. If a lot say there are mistakes, you know its fraud. Then add a safeguard where random districts are required to hand count their ballots to compare the results with the electronic tally before an election is certified.

The reason that the paper alternative machines are not being used is of course because they are more expensive.

Optical Scan FTW!

# 17 joshua said, on September 18th, 2006 at 8:46 pm

There are several qualified companies making the machines. They all come with a locked and sealed paper ballot that is printed as the voter marks the putor ballot. The voter can see the paper ballot being printed to check for errors. Even Diebold has this capability. The problem with Diebold is this…….the goverment, with Democrats also voting for it, gave Diebold an exclusive contract to provide touch screen for any voting district that wants them for free (the feds pay out of the voter improvement money)….but….when they passed the Diebold contract, they did it for the machines WITHOUT the paper trail. If the districts want those, they have to pay for them, and they aren’t cheap.

Some larger, richer districts with vocal activists opted for the machines with paper trail and are paying for the machines themselves. The smaller, poorer districts (white and black) are having a harder time getting them, so they have gone to court to force the goverment to force Diebold to provide tham free as well. They won’t be done before November, but the case should be settled before the 2008 elections.

I love working the polls. And I used to listen to the hard core activists bitch about no paper trail and they would refuse to use the new touch screen without the paper trail ballots. But in the district I worked in the June primary in California, we had gone to the added paper ballot trail, and not one of those activists refused to use them…..in fact they had nothing but praise for them. By the November elections all of California is supposed to have the touch screen, with paper trail in place.

I just never want to see internet voting. That’s when the real corruption will begin.

# 18 joshua said, on September 18th, 2006 at 8:49 pm

Oh…sorry….California went with Diebolds compititor…..they didn’t trust Diebold.

# 19 ECA said, on September 18th, 2006 at 10:32 pm

Write in vote
#1…
DAFFY DUCK.
If enough of us VOTe for him they have to count it. And it can shoow we are tired of ALL THIS MESS.

anyone notice that MOSt of the higher elected officials, DIDNT live in your state?? They werent RAISED anywhere near you, but they got the job? AND then THINK they know your city or state, and HOW its supposed to be run??

# 20 AB CD said, on September 18th, 2006 at 11:21 pm

I read somewhere there is a write in campaign for Samuel L. Jackson for Congress.
Snakes on a Plane, indeed.

# 21 traaxx said, on September 18th, 2006 at 11:46 pm

Top 8 reasons why this might be a problem for the Global Carpet Baggers.

1.) The Mexicans in California might, just might feel disenfranchised when voting for our next President.

2.) The ‘Dead in Chicago’ will turn over in their grave, voting for a Republican and not a Democrat really, those NAZI SOBs. Or will it continue as it has for the last 100 years?

3.) Our Paper trail with mail in ballots will become obsolete, think of the feeling of negelect in Oregon, where as many as 20 ballots have been delivered to a single family residence.

4.) King County Public Employees will lose a lot of over time, because they won’t have to recount the votes until a democrat wins. ( You need to live in Washington to understand).

5.) All the New Yorkers retired in Florida won’t really be able to see the screen and since that generation is usually afaid of any tech they won’t probably vote any way.

6.) Using the Diebold machines will stimulate the economy every two years, after all throwing such an expensive machine into a river is going to add up quickly. This would of couse be bad for the stock market, unless the machines are made in China then watch out!

7.) This will be a great excuse to get both the United Nation in trying to rig our elections. I can see it now a ‘Oil for Votes’ program, Kofi (A Muslim) probably has other children in need of a fortune. We need to think Globally while have others rape our country.

8.) Jimmy Carter can once enter into the lime light. His two last moments were with the Haitian DictatorJean-Bertrand Aristide, the Socialist in President Hugo Chavez in Venezuela. But then Jimmy said he and Idi Amin had the same view on human rights. It’s better than pretending to build houses for the poor.

# 22 DannyA said, on September 19th, 2006 at 4:45 am

Hi John,

Do you have any updates on the testimony of the Programmer Clinton Eugene Curtis [http://www.clintcurtis.com/] and any impacts this may be having?

Thanks.

# 23 Scooby said, on September 19th, 2006 at 7:57 pm

Mr. Voting maching, say hello to Mr. Hammer.

Leave Your Reply Below...

Comment Moderation is Active, so if your comment doesn't
show up immediately, please don't submit it again.

Special Deals 4U

25% off eHarmony subscription with code EHTECH
12-percent discount forever with code TECH
10-percent discount and free month using TECH10
10-percent or 30 dollars off weekly car rental!
Get 10-percent discount on car rental!
Get 10% off rental cars!
Get 10% off Dollar rentals!
Discounts on domain names!