2008: The year of hack the vote?
' =JeffH '
Jeff.Hodges at KingsMountain.com
Sun Dec 23 20:24:47 EST 2007
2008: The year of hack the vote?
http://blogs.zdnet.com/security/?p=753
December 17th, 2007
Posted by Larry Dignan @ 2:12 am
The state of Ohio has released a comprehensive study of voting machine
security and the report will have you longing for paper.
A 334-page PDF report
http://www.sos.state.oh.us/sos/info/EVEREST/14-AcademicFinalEVERESTReport.pdf
from the Ohio Secretary of State reveals insufficient
security, poor implementation of security technology, lax auditing and shoddy
software maintenance. The report, which covers voting systems from Election
Systems and Software (ES&S), Hart InterCivic and Premier Election Solutions
formerly known as Diebold, was conducted by Ohio’s EVEREST (Evaluation and
Validation of Election-Related Equipment, Standards and Testing) initiative in
conjunction with research teams from Penn State, University of Pennsylvania
and WebWise Security.
The EVEREST report was released Dec. 7 and I found it via Slashdot. Overall,
the report really raises questions about election systems. Buffer overflows,
leaky encryption, audit problems and firmware issues abound. One machine, the
M100, from ES&S accepts counterfeit ballots. The Premier AV-TSX allows an
unauthenticated user to read or tamper with its memory. The Hart EMS has audit
logs that can be erased.
In fact, the first 17 pages of the report–essentially the table of
contents–is an indictment of these systems. To make matters worse, these
machines don’t run constantly. That means malicious software could be planted
and not turn up until election time. These machines aren’t patched regularly
either.
The report is too massive to detail completely here, but at a high level here
are the takeaways from the EVEREST report:
* Systems uniformly stunk at security and “failed to adequately
address important threats against election data and processes.”
* A root cause of these security failures was “pervasive
mis-application of security technology.” Standard practices for
cryptography, key and password management and security hardware go ignored.
* Auditing capabilities are a no show. “In all systems, the logs of
election practices were commonly forgeable or erasable by the principals who
they were intended to be monitoring.” Translation: If there’s an
attack the lack of auditing means you can’t isolate or recover from the
problem.
* Software maintenance practices “of the studied systems are deeply
flawed.” The EVEREST report calls the election software “fragile.”
Why would these machines be so enticing as a target? You could swing an
entire election, produce incorrect results, block groups of voters, cast doubt
on an election or delay results. And it may not take a brain surgeon to alter
these systems. The EVEREST teams reported that they were able to subvert every
voting system and not be detected “within a few weeks.” Meanwhile,
the EVEREST teams found the issues with only limited access since vendors
weren’t exactly cooperative (Section 2.4 of the PDF has the details).
The researchers say:
Any argument that suggests that the attacker will somehow be less capable or
knowledgeable than the reviewer teams, or that they will not be able to
reverse engineer the systems to expose security flaws is not grounded in fact.
As for the attackers, EVEREST ranks the following folks in ascending order of
capabilities:
* Outsiders have no special access to voting equipment, but could affect
equipment to an extent that it is connected to the Internet. All of the
systems reviewed run Microsoft Windows and occasionally connect to the
Internet. In addition, an attacker could create a counterfeit upgrade disk and
mail it to install malware.
* Voters have limited and partially supervised access to voting systems
while casting a vote.
* Poll workers have extensive access to polling place equipment,
management terminals before, during and after voting. They can authorize who
votes and who doesn’t and opportunities to tamper with equipment abound.
* Election officials have extensive access to back-end election systems
and voting equipment. Access is only loosely supervised if at all. One
possibility: Bad software prompts election officials to “correct”
results.
* Vendor employees have access to the hardware and source code of system
during development. Employees may also be on site to assist workers and
election officials. “Some vendors use third-party maintenance and
election day support whose employees are not tightly regulated,”
according to EVEREST.
Add it up and any hack the vote opportunities will most likely be an inside
job of some sort. The attacks may or may not be detectable.
---
end
---------------------------------------------------------------------
The Cryptography Mailing List