Optical scan computers shown vulnerable

From: Charlie Strauss <cems_at_earthlink_dot_net>
Date: Tue May 31 2005 - 10:31:42 CDT

While it won't truly surprise anyone here, Bev Harris's crew recently
demonstrated a design vulnerability in Diebold's optical scan computers.

http://www.bbvforums.org/cgi-bin/forums/board-auth.cgi?file=/1954/5921.html

It's a seriously dumbed down breathy explanation. As I read it in a
nutshell, Diebold's removable vote storage memory cards, which have a
high level physical access, contain executables that get called
directly by the main program. Moreover these executables are
unencrypted and undergo no validation before being called.

They showed that for example there were not even program length or
checksums to validate the stored procedures.

They showed that in fact the stored executable could alter the vote
totals and produce
1) perfect "zero" tapes
2) perfect total sums
3) shift an arbitrary number of votes from one candidate to another
4) do so without any diagnostics catching the switch.
5) pass logic and accuracy tests.

One of course still needs physical access, but this considerably
lowers the barrier and most importantly enables the dreaded software-
injection-after-candidates-are-known threat.

Why do people think it's a good idea to use fonts, graphics and now
memory storage formats that allow code execution? It's not like one
needs that sort of flexibility in a voting system. All the
executables should either live in one single defensible place or if
distributed then at least act as objects that don't allow each other
to modify their protected data.

In other news Intel is finally making computers that can do hardware
validation of the signed software for the entire boot process. I
strongly recommend that OVC only use such hardware.

==================================================================
= The content of this message, with the exception of any external
= quotations under fair use, are released to the Public Domain
==================================================================
Received on Tue May 31 23:17:50 2005
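
Added example, not part of the original message and not vendor code: the message above notes that the card-resident executables carry no length or checksum validation. This sketch shows why a plain checksum stored on the same card would still not detect a rewritten card, while a keyed tag checked by the scanner does. The card layout, DEVICE_KEY and the sample code strings are constructed assumptions.

```python
import hashlib
import hmac
import struct

# Hypothetical card layout, constructed for this example (not the vendor's):
#   4-byte big-endian length | code bytes | 32-byte tag
TAG_LEN = 32
DEVICE_KEY = b"constructed-demo-key"  # assumption: held inside the scanner, never on the card

def pack_checksum(code):
    """Card image whose tag is a plain SHA-256 of the code (no secret involved)."""
    return struct.pack(">I", len(code)) + code + hashlib.sha256(code).digest()

def pack_mac(code, key=DEVICE_KEY):
    """Card image whose tag is HMAC-SHA256 over length header + code."""
    header = struct.pack(">I", len(code))
    return header + code + hmac.new(key, header + code, hashlib.sha256).digest()

def _split(blob):
    if len(blob) < 4 + TAG_LEN:
        raise ValueError("truncated image")
    (n,) = struct.unpack(">I", blob[:4])
    if len(blob) != 4 + n + TAG_LEN:
        raise ValueError("declared length does not match image size")
    return blob[:4], blob[4:4 + n], blob[4 + n:]

def verify_checksum(blob):
    try:
        _, code, tag = _split(blob)
    except ValueError:
        return False
    return hmac.compare_digest(hashlib.sha256(code).digest(), tag)

def verify_mac(blob, key=DEVICE_KEY):
    try:
        header, code, tag = _split(blob)
    except ValueError:
        return False
    expected = hmac.new(key, header + code, hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)

def rewritten_without_key(blob, new_code):
    """Model a card rewritten without DEVICE_KEY: new length and code, old tag kept."""
    return struct.pack(">I", len(new_code)) + new_code + blob[-TAG_LEN:]

ORIGINAL = b"PRINT_TOTALS v1"      # constructed stand-ins for card-resident code
ALTERED = b"PRINT_TOTALS v1-mod"
if __name__ == "__main__":
    print("checksum accepts rewritten card:", verify_checksum(pack_checksum(ALTERED)))
    print("MAC accepts rewritten card:", verify_mac(rewritten_without_key(pack_mac(ORIGINAL), ALTERED)))
```

HMAC is used here only to stay within the standard library; a public-key signature verified by the scanner would avoid keeping a shared secret in the device.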
