Monday, July 30, 2007

The Voting (Machine) Results Are In!

Unsurprisingly, a new $1.8m study funded by CA Secretary of State Debra Bowen, and conducted by researchers at the University of California, has confirmed what researchers at Princeton and many security researchers already knew: the electronic voting machines currently in use are not secure.

The study focused on machines manufactured by Hart, Diebold, and Sequoia. The findings, published today, cover aspects of physical security (i.e. locks, screws, accessibility of the hard disk, accessibility of ports, etc.), firmware security, and software security.

The researchers also tested the capability of each system to create an audit trail (logs relating to any non-authorized modifications of the system), and whether or not the Windows operating system was still configured to allow things like unauthorized wireless devices to operate.

Avi Rubin, a professor of computer science and technical director of the Information Security Institute at Johns Hopkins University, summed it up when he told TechNewsWorld:

"I was shocked by how severe the problems were... what's even scarier is that the researchers were looking at certified systems that have been already used in an election."

I would love to list all of the problems found, but email feedback on my recent essay-length Security 3.0 posting suggests I should keep the length of this post to "one cup of hot cocoa". So here's the summary:

* Sequoia: Researchers analyzing Sequoia's e-voting machine bypassed locks and gained access to an HP ProLiant DL360 G5 server by simply removing screws. In doing this, the researchers discovered "numerous" ways to overwrite the Sequoia Edge firmware using simple tricks such as "malformed font files" or "doctored update cartridges".

* Diebold: Researchers were able to exploit vulnerabilities in Diebold's Windows operating system to initiate events that the server did not record in its audit logs. Researchers were also able to manipulate components networked to the server. This allowed them to load wireless drivers onto the server so a wireless device could be plugged surreptitiously into the server. Researchers found a number of ways to overwrite the Diebold firmware and change vote totals, among other things - in one example, researchers were able to escalate privileges from "voter" to "poll worker" to "central count administrator", enabling them to reset the election, issue unauthorized voter cards and "close the polls". Diebold's physical security was also lacking, the researchers found.

* Hart: Researchers discovered an undisclosed account on the Hart e-voting system that enabled attackers to penetrate the operating system and gain unauthorized access to the Hart Election Management Database. The researchers were then able to overwrite Hart's firmware and also access menus that were not locked with passwords. Additional attacks allowed researchers to alter vote totals and attach a device that caused Hart's system to authorize access codes without poll worker intervention.

Scary, huh? So now what?

California obviously could choose to get rid of its voting machines, but that isn't really a viable option, budget-wise. Many of these $3,500 machines are just one year into a three-year lease. The people that recommended them will lose their jobs.

The smart play here is for one vendor - Hart, Diebold or Sequoia - to say "we hear you", instead of attempting to disparage yet more detailed results from yet another respected source. The smart play is to do that - and spend the considerable cash they have on hand on fixing the problems.

Note to vendors: The whole concept of electronic voting is poised on a knife-edge right now - there is no room left for empty promises. These problems must get fixed. If you don't fix the problems, it will be fifteen years before you get back in the door. The first vendor that successfully commits to solving the problems - and validating the existing investment by government - will win.

Authentium has patent-pending technology available that could significantly assist electronic voting machine vendors when it comes to eradicating software vulnerabilities and hardening the audit trail.
