Hart eSlate machines: why an unsealed I/O port?
The attacks against the Diebold AccuVote Optical Scan machine were due
in part to the fact that you can plug a laptop into the optical
scanner machine, hold down two buttons, power it on, and get a dump of
the contents of the computer memory, including a password (INCREDIBLY
INEPT DESIGNERS!!).
I was an election judge today, and the Hart eSlate machines used in
Boulder had seals on the handle, on the printer, on the "audio card",
and on four sides of the eSlate pad itself. But they had no seal on
the port where you plug in the cable to the JBC machine. That port
provides power and a data communications connection. It is on the
back of the machine, accessible even when the machine is folded shut
and stored or delivered for "sleep overs" with poll workers.
This is a major oversight. I suggest immediate testing to see if you
can plug a JBC into an eSlate while the eSlate is closed, and
communicate with it. If so, that seems like a significant potential
vulnerability. If not, there still may be other ways to make use of
this unsealed computer port. It should be sealed somehow.
Of course in general, the County and the Secretary of State need to
get independent computer security experts to study these machines,
just like several other states have done. Each time, we seem to learn
about new vulnerabilities.
Neal McBurnett http://mcburnett.org/neal/
On Mon, Nov 06, 2006 at 09:22:54AM -0700, Neal McBurnett wrote:
> I hope folks noticed that these are attacks on an OPTICAL SCANNER
> MACHINE! Read on.
>
> On Wed, Nov 01, 2006 at 02:53:03PM -0700, Margit Johansson wrote:
> > Avi Rubin's Blog
> > UConn VoTeR center report: Diebold AV-OS is vulnerable to serious attacks
> >
> > A powerful new report was released yesterday about the Diebold AccuVote Optical
> > Scan voting terminal (AV-OS).
> > The authors show that "even if the memory card is sealed and pre-election
> > testing is performed, one can carry out a devastating array of attacks against
> > an election using only off-the-shelf equipment and without having ever to
> > access the card physically or opening the AV-OS system box."
>
> > ... Besides manipulation of the
> > voting machine totals and reports, the authors explain how any voter can vote
> > an arbitrary number of times using (get this), Post-it notes, if the voter is
> > left unattended.
>
> That post-it note attack is classic! Stick post-it notes to the
> trailing edge of the ballot, then
>
> - Feed it into the scanner all the way, but hold on to the post-it note
> - Then pull it back thru
> - Repeat
>
> See the pictures at http://voter.engr.uconn.edu/voter/Reports.html
>
> As I wrote in my comment on Avi's blog, this just underscores again
> the importance of doing random manual audits. Real audits. Audits that
> start from detailed election reports of how each machine tally came
> out, and track back from those results to identify the paper records
> they are based on, and see whether a hand count of those paper records
> comes up with the same result.
>
> But this sort of audit is hardly ever done, even when required by
> state law (as it is in Colorado). The voting systems don't usually
> even produce auditable results. They produce precinct reports, but
> since absentee and early results are mixed in, you can't track down
> the actual pieces of paper needed to validate the results. So we do
> partial recounts instead and call them audits. And as this study
> demonstrates, as have so many others, the results can be different
> during the recount, so they are nearly worthless.
>
> Check out my page at
> http://www.coloradovoter.net/moin.cgi/ManualCountAudit and read the
> Brennan Report (linked from there) and call for auditable reports and
> real audits from your own county and vendor. It isn't just a DRE
> problem - it is an optical scanner problem and especially a tally
> system problem. There are many single points of failure, and good
> audits are one of the few really helpful tools we have.
>
> Even if we do a hand count, we will want to audit the sub-totals and
> check the arithmetic.....
>
> Neal McBurnett http://mcburnett.org/neal/