Feeds

California e-voting machines have more holes than Swiss cheese

Flaws in all systems studied

The Essential Guide to IT Transformation

Hackers hired to evaluate the security of e-voting machines used in California found serious flaws that could allow for vote tampering in all three systems studied.

The defects included the ability to overwrite firmware, install malicious applications, forge voter cards and gain access to the inside of voting machines by unfastening screws that were supposed to be inaccessible. The defects were found in machines provided by Sequoia Voting Systems, Hart Intercivic and Diebold Elections Systems.

The team was unable to test equipment sold by Election Systems & Software because the vendor dragged its feet in cooperating with the review, which is authorized under California law.

The e-voting machine assessment was part of a "top-to-bottom" review that Secretary of State Debra Bowen undertook earlier this year into all ballot machines used in the state, whether or not they are computerized. Several "red teams" were given access to the source code and user manuals of e-voting machines and directed to hack them if possible.

"The red teams demonstrated that the security mechanisms provided for all systems analyzed were inadequate to ensure accuracy and integrity of the election results and of the systems that provide those results," wrote Matt Bishop, the study's principal investigator and a professor at the University of California at Davis.

He said the teams probably could have uncovered additional vulnerabilities had they not encountered significant delays in obtaining information and tools from the three vendors involved. Many documents didn't arrive until July 13, just seven days before the five-week study was concluded. Other software was never delivered at all.

"Despite these problems, the red team testing was successful, in that it provided results that are reproducible and speak to the vulnerability of all three systems tested," Bishop wrote.

Among the findings of the study:

  • Testers were able to overwrite firmware in the Sequoia's Edge/Insight/400-C, in the GEMS system sold by Diebold and in Hart's System 6.2.1.
  • They were also able to bypass physical locks in Sequoia's Edge system by unfastening screws.
  • Testers were able to penetrate Diebold's GEMS server system by exploiting Windows as it was delivered and installed by the vendor. That allowed them to make security changes, including the installation of a wireless device, that were never recorded by audit logs.
  • Testers found an undisclosed account in the Hart software that an attacker could exploit to gain unauthorized access to the election management database.

All three companies challenged the review, arguing that the laboratory environment under which it was conducted was unrealistic.

"This was not a security risk evaluation but an unrealistic worst case scenario evaluation limited to malicious tests, studies and analysis performed in a laboratory environment by computer security experts with unfettered access to the machines and software over several weeks," Sequoia argued in a press release. "This is not a real-world scenario and does not reflect the diligence, hard work and dedication to the stewardship of our nation's democracy that our customers - and all election officials - carry out every day in their very important jobs of conducting elections in California and throughout the United States."

"We believe the process would have been enhanced had the testing team included an experienced election official," Sequoia said in written comments directed to Bowen. "Unfortunately, since no one on the testing team had experience in security procedures and protocols used in California, your team was deprived of having someone with hands-on experience running an election." ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
'Things' on the Internet-of-things have 25 vulnerabilities apiece
Leaking sprinklers, overheated thermostats and picked locks all online
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Tor attack nodes RIPPED MASKS off users for 6 MONTHS
Traffic confirmation attack bared users' privates - but to whom?
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.