Wednesday, September 06, 2006

Hacking a voting machine

Of relevance to the vote-counting machines that the COMELEC purchased and which the Supreme Court subsequently junked is this bit of news from Slashdot: how to hack a voting machine in 4 minutes with $12 worth of equipment. The full article, with photos, is here.

Take note that the machine involved is a Diebold, the same company that the COMELEC purchased from.

The exploit apparently involves tampering with the memory card of the vote-counting machine. As I understand it, you could tamper with the contents of the card while, say, the machine is in transit. From there, you either tamper with the results or modify the code to favor a particular candidate.

More from the article:
"The demo is particularly relevant in light of the recent experience in Ohio in which there were large discrepancies between the electronic record and the paper trail, and also since many counties still permit the machines to be taken home by individuals before voting day (as a means of distributing them to precincts). These 'sleepover' machines were involved in the contentious narrow-margin San Diego Election, and are in continued practice in many states. Moreover, it's common practice for counties to contract out deliveries to third parties, such as in New Mexico where in one election, unlicensed delivery drivers took the machines on an unauthorized field trip and only got caught when they crashed the delivery truck after a stop at Hooters. The good news here is that the penetrated Diebold system in the photo essay is an optical scan system. It's not a touchscreen electronic voting system, so there is a paper trail. What the hack really shows is that without mandatory random spot checks on the paper ballots, these may be as potentially vulnerable as the touchscreen direct recording electronic voting systems. It's perhaps worth noting that the open source voting system being developed by the Open Voting Consortium features a 100% reconciliation of every single paper ballot with an independent electronic record."

The Verified Voting New Mexico web site has several essays worth reading. Still, I'm sure they can learn a thing or two more from our bright boys in the COMELEC.

1 comment:

  1. funny, a beta blogger cannot post a comment on a non-beta blogger site!

    I just lost my long post!

    Anyways, we should not count on this stuff yet even if we've blown a billion pesos already thru that MegaPacific deal! - Jon