Re: Possible OVC "sub project"?

From: Ron Crane <voting_at_lastland_dot_net>
Date: Thu Apr 28 2005 - 11:34:20 CDT

On Apr 27, 2005, at 10:55 PM, Joseph Lorenzo Hall wrote:

> On 4/27/05, Ron Crane <voting@lastland.net> wrote:
>>
>> A conformance test suite, though sufficient for many purposes, would
>> not be so for voting systems. The standards would have also to include
>> requirements on the development process and the openness of both
>> software and hardware to complete inspection. Black-box testing cannot
>> reveal even the most rudimentary Trojan Horses/trapdoors, and more
>> advanced ones can be hidden in hardware, even inside FPGAs and ASICs
>> that ostensibly (or actually) perform other legitimate functions.
>> Anyone want a TrojanVideo 9900 chipset? I'll build it if you'll buy it
>> ;-)
>
> This is really interesting from another level... do we know of any
> vendors that manufacture their own chipsets? If so, any
> legislation/regulation that calls for public/open/etc. source code
> should also have some sort of open hardware requirement. There is
> already one regulation here in CA that mandates open source software
> for a subsystem of DRE voting machines (I can cite if you want... but
> have so many times on this list that you can probably easily find
> it.).

I don't know the specifics of what's inside vendors' boxes, but most
PCs have customizable mainboard and video BIOSes. One could relatively
easily hide a malware loader in either of those places. If the PC also
had wireless/WiMAX/BPL net hardware onboard, the malware loader could
be programmed regularly to check it for the presence of a certain
(cheating) signal. If it detects the cheating signal, the bad BIOS
could set an internal flag. The voting application could regularly
check this flag and, if it's set, make another BIOS call to tell the
bad BIOS that it's seen the flag, then go into an infinite loop. At
this point the bad BIOS could use the net hardware to load the malware
into memory, fix up the application's stack to point it at the malware,
and return control to it. The flag checking and setting BIOS calls
could be disguised via unused bits in ordinary BIOS calls, such as
those used for video or disk access. Voila! Wireless malware with
essentially no traces of malfeasance in the (reviewed) application
itself!

Gotta go, looks like the NSA is knocking at my d%&%*(##NO CARRIER

-R

_______________________________________________
OVC discuss mailing lists
==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Sat Apr 30 23:17:18 2005
