More California E-Voting Reports Released; More Bad News

Yesterday the California Secretary of State released
the reports of three source code study teams that analyzed the source
code of e-voting systems from Diebold, Hart InterCivic, and Sequoia.

All three reports found many serious vulnerabilities. It seems
likely that computer viruses could be constructed that could infect any
of the three systems, spread between voting machines, and steal votes
on the infected machines. All three systems use central tabulators
(machines at election headquarters that accumulate ballots and report
election results) that can be penetrated without great effort.

It’s hard to convey the magnitude of the problems in a short
blog post. You really have to read through the reports — the
shortest one is 78 pages — to appreciate the sheer volume and
diversity of severe vulnerabilities.

It is interesting (at least to me as a computer security guy) to see
how often the three companies made similar mistakes. They misuse
cryptography in the same ways: using fixed unchangeable keys, using
ciphers in ECB mode, using a cyclic redundancy code for data integrity,
and so on. Their central tabulators use poorly protected database
software. Their code suffers from buffer overflows, integer overflow
errors, and format string vulnerabilities. They store votes in a way
that compromises the secret ballot.
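
An added illustration (not code from the reports or from the original post) of why a cyclic redundancy code is not a data-integrity mechanism, shown beside a keyed MAC. The record format, function names and the per-deployment key are assumptions made up for the example.

```python
import hashlib
import hmac
import os
import zlib

def crc_ok(record: bytes, tag: int) -> bool:
    # CRC-32 takes no key: whoever can write the record can write a matching tag.
    return zlib.crc32(record) == tag

def crc_delta(delta: bytes) -> int:
    # CRC-32 is affine over XOR: for equal-length inputs,
    # crc(a ^ d) == crc(a) ^ crc(d) ^ crc(all-zero bytes).
    return zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))

def mac(key: bytes, record: bytes) -> bytes:
    return hmac.new(key, record, hashlib.sha256).digest()

def mac_ok(key: bytes, record: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, record), tag)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def demo() -> dict:
    # Constructed sample records, same length, differing in one digit.
    original = b"precinct=0042;contest=01;choice=A;count=0125"
    altered = b"precinct=0042;contest=01;choice=A;count=0925"
    # Assumption: the key is generated per deployment, not compiled into the software.
    key = os.urandom(32)
    stored_crc = zlib.crc32(original)
    stored_mac = mac(key, original)
    # The new CRC follows from the old one and the change alone.
    predicted_crc = stored_crc ^ crc_delta(xor(original, altered))
    return {
        "crc_accepts_altered": crc_ok(altered, predicted_crc),
        "crc_detects_stale_tag": not crc_ok(altered, stored_crc),
        "mac_accepts_original": mac_ok(key, original, stored_mac),
        "mac_accepts_altered": mac_ok(key, altered, stored_mac),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A CRC catches accidental corruption (the stale tag is rejected), but only the keyed MAC rejects a deliberate change made by someone who does not hold the key.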

Some of these are problems that the vendors claimed to have fixed years ago. For example, Diebold claimed (p. 11)
in 2003 that its use of hard-coded passwords was “resolved in
subsequent versions of the software”. Yet the current version
still uses at least two hard-coded passwords — one is
“diebold” (report, p. 46) and another is the eight-byte sequence 1,2,3,4,5,6,7,8 (report, p. 45).

Similarly, Diebold in 2003 ridiculed (p. 6)
the idea that their software could suffer from buffer overflows:
“Unlike a Web server or other Internet enabled applications, the
code is not vulnerable to most ‘buffer overflow attacks’ to
which the authors [Kohno et al.]
refer. This form of attack is almost entirely inapplicable to our
application. In the limited number of cases in which it would apply, we
have taken the steps necessary to ensure correctness.” Yet the
California source code study found several buffer overflow
vulnerabilities in Diebold’s systems (e.g., issues 5.1.6, 5.2.3
(“multiple buffer overflows”), and 5.2.18 in the report).

As far as I can tell, major news outlets haven’t taken much
notice of these reports. That in itself may be the most eloquent
commentary on the state of e-voting: reports of huge security holes in
e-voting systems are barely even newsworthy any more.

Freedom to Tinker
