Remote Attack On Diebold Touch-Screen Voting Machine

Here is more info via The Brad Blog:

The Vulnerability Assessment Team (VAT) at the U.S. Dept. of Energy’s Argonne National Laboratory in Illinois has managed to hack a Diebold Accuvote touch-screen voting machine in what I describe at my exclusive today at Salon as perhaps “one of the most disturbing e-voting machine hacks to date.”

As noted by the computer scientists and security experts at Argonne’s VAT, largely all that’s needed to accomplish this hack is about $26 and an 8th grade science education.

“This is a national security issue,” VAT team leader Dr. Roger Johnston told me, echoing what I’ve been reporting other computer scientists and security experts telling me for years. “It should really be handled by the Department of Homeland Security.”

Johnston should know. While the VAT folks have been dabbling in the security (or lack thereof) of e-voting systems in their spare time of late, most of the work they do is related to issues like nuclear safeguards and non-proliferation.

What makes this hack so troubling — and different from those which have come before it — is that it doesn’t require any actual changes to, or even knowledge of, the voting system software or its memory card programming. It’s not a cyberattack. It’s a “Man-in-the-middle” attack where a tiny, $10.50 piece of electronics is inserted into the system between the voter and the main circuit board of the voting system allowing for complete control over the touch-screen system and the entire voting process along with it.

Add an optional $15 radio frequency remote control device, and votes can be changed, without the knowledge of the voter, from up to half a mile away. Without the remote, the attack can be turned on and off at certain times, or by other triggers. The voter would have no idea that their votes have been changed after they’ve already approved them as “correct” on the various confirmation screens, and even on the so-called “paper-trail” (on e-voting machines which offer them — though VAT has learned how to manipulate those as well, see photo at right.)

(read it all)