2008: The year of hack the vote?

' =JeffH ' Jeff.Hodges at KingsMountain.com
Sun Dec 23 20:24:47 EST 2007 

2008: The year of hack the vote?
http://blogs.zdnet.com/security/?p=753

December 17th, 2007
Posted by Larry Dignan @ 2:12 am

The state of Ohio has released a comprehensive study of voting machine
security and the report will have you longing for paper.

A 334-page PDF report 

http://www.sos.state.oh.us/sos/info/EVEREST/14-AcademicFinalEVERESTReport.pdf

from the Ohio Secretary of State reveals insufficient
security, poor implementation of security technology, lax auditing and shoddy
software maintenance. The report, which covers voting systems from Election
Systems and Software (ES&S), Hart InterCivic and Premier Election Solutions
formerly known as Diebold, was conducted by Ohio\u2019s EVEREST (Evaluation and
Validation of Election-Related Equipment, Standards and Testing) initiative in
conjunction with research teams from Penn State, University of Pennsylvania
and WebWise Security.

The EVEREST report was released Dec. 7 and I found it via Slashdot. Overall,
the report really raises questions about election systems. Buffer overflows, 
leaky
encryption, audit problems and firmware issues abound. One machine, the
M100, from ES&S accepts counterfeit ballots. The Premier AV-TSX allows an
unauthenticated user to read or tamper with its memory. The Hart EMS has audit
logs that can be erased.

In fact, the first 17 pages of the report\u2013essentially the table of 
contents\u2013is an
indictment of these systems. To make matters worse, these machines don\u2019t 
run
constantly. That means malicious software could be planted and not turn up 
until
election time. These machines aren\u2019t patched regularly either.

The report is too massive to detail completely here, but at a high level here 
are
the takeaways from the EVEREST report:

    * Systems uniformly stunk at security and \u201cfailed to adequately 
address important threats against election data and processes.\u201d
    * A root cause of these security failures was \u201cpervasive 
mis-application of security technology.\u201d Standard practices for 
cryptography, key and password management and security hardware go ignored.
    * Auditing capabilities are a no show. \u201cIn all systems, the logs of 
election practices were commonly forgeable or erasable by the principals who 
they were intended to be monitoring.\u201d Translation: If there\u2019s an 
attack the lack of auditing means you can\u2019t isolate or recover from the 
problem.
    * Software maintenance practices \u201cof the studied systems are deeply 
flawed.\u201d The EVEREST report calls the election software 
\u201cfragile.\u201d

Why would these machines be so enticing as a target? You could swing an
entire election, produce incorrect results, block groups of voters, cast doubt 
on an election or delay results. And it may not take a brain surgeon to alter 
these systems. The EVEREST teams reported that they were able to subvert every 
voting system and not be detected \u201cwithin a few weeks.\u201d Meanwhile, 
the EVEREST teams found the issues with only limited access since vendors 
weren\u2019t exactly cooperative (Section 2.4 of the PDF has the details).

The researchers say:

    Any argument that suggests that the attacker will somehow be less capable 
or
    knowledgeable than the reviewer teams, or that they will not be able to 
reverse engineer the systems to expose security flaws is not grounded in fact.

As for the attackers, EVEREST ranks the following folks in ascending order of 
capabilities:

    * Outsiders have no special access to voting equipment, but could affect 
equipment to an extent that it is connected to the Internet. All of the 
systems reviewed run Microsoft Windows and occasionally connect to the 
Internet. In addition, an attacker could create a counterfeit upgrade disk and 
mail it to install malware.
    * Voters have limited and partially supervised access to voting systems 
while casting a vote.
    * Poll workers have extensive access to polling place equipment, 
management terminals before, during and after voting. They can authorize who 
votes and who doesn\u2019t and opportunities to tamper with equipment abound.
    * Election officials have extensive access to back-end election systems 
and voting equipment. Access is only loosely supervised if at all. One 
possibility: Bad software prompts election officials to \u201ccorrect\u201d 
results.
    * Vendor employees have access to the hardware and source code of system 
during development. Employees may also be on site to assist workers and 
election officials. \u201cSome vendors use third-party maintenance and 
election day support whose employees are not tightly regulated,\u201d 
according to EVEREST.

Add it up and any hack the vote opportunities will most likely be an inside 
job of some sort. The attacks may or may not be detectable.

---
end




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list