Electronic Voting Technology is still a controversial topic: on the one hand there is the need to improve voting operations through an effective method for votes computation, on the other there are some perplexity due to the effective security of this technology.

Diebold's electronic voting technology has been tested for long before being introduced officially, but now, researchers at the Open Voting Foundation have come up with what they call as "the most seriois flaw" in electronic voting technology yet documented.

The Register reported last week that according to the Open Voting, "it's possible to get Diebold's AccuVote TS touchscreen voting machine by toggling a single switch, to boot from an unverified external flash drive instead of the device's built-in firmware , which is stored on a EPROM chip..."

Jeopardizing this technology now, means opening the voting maching and being uncommonly skilled about hardware and programming, but there are plenties of crackers that would like to take this challenge...

To be more precise, the problem seems to reside in the poor design of the motherboard which resembles those motherboard used in the old NeoGeo arcade videogames.

Old school hackers know very well how easy was to tamper that electronic, substituting the Eprom or even mounting a multiple Eprom set.

This kind of tricks seems working fine also on this voting machine; at least three ways to tamper with the machine behaviour have been identified so far.  It is basically possible by adding an additional Flash memory to the motherboard; the switches allowing to choose if booting from withing the original Eprom or the new Flash memory are already present, all you need to do is... to switch them.

In this way, the machine would carry a double personality one standard, the second evil. To be more precise, it has been found also the way to add a third personality by implementing an external flash memory.

More details about the full tricks at Opening Voting Foundation's website. 

The problem indeed aren't just the attempts to pilot voting operation, but also those people who would try to overcome voting machine's security tools to win a personal challenge or -quoting Zone-H digital attack Archive - "..just for fun!". The problem is that the developers did't manage in creating a voter-audited paper trail during elections tallied by the machine: to rig an election it would be enough to have access to the machines and possessing a screwdriver: anything it will be possible with the Diebold TS, without leaving a trace.

Around the world, many countries are attempting to make electronic voting technology safer and safer, but by now the system is far from being perfect, especially where electronic methods have completely replaced traditional ones. A digital attack could easily vanify the pools and no trace would be left in order to allow the commission to verify the election's outcome.

Comments Index (Total Messages: 0)

Post Reply
Name:	Guest
Title:
Comment:
Enter this security word

Powered by a Zone-H(ified) version of AkoComment 3.0!