First I wrote about California’s electoral college woes yesterday and now this.
“The security mechanisms provided for all systems analyzed were inadequate to ensure accuracy and integrity of the election results and of the systems that provide those results,” wrote principal investigator Matt Bishop, a computer science professor at the University of California, Davis.
In each case, the testers were able to overwrite at least some of the firmware used on the machines and replace it with malicious programs–which, at times, could alter the recording, reporting and tallying of votes.
There were other flaws as well. With the Diebold AccuVote-TSX system, they found that a “well-known static security key” was used by default on the machine. On the Hart eSlate machine, the testers succeeded in remotely capturing the audio from an audio-enabled vote session, which poses a potential violation to a voter’s privacy.
How could the attacks be prevented?
Most of the attacks could be prevented by better physical security surrounding the devices, staff training and contingency planning. The testers also said their study would have benefited from additional time and that they were denied all the code and information–in particular, from Hart representatives–needed to conduct thorough scrutiny.
So the news isn’t THAT bad, but are we ever going to not have a reality where these machines can’t be hacked? You know people are just going to find more sophisticated ways to do it, so this will eventually become a greater threat.