Princeton U. researchers have released a study and video that demonstrate the ease of altering votes on an electronic voting machine.
On September 13, researchers at Princeton University's Center for Information Technology Policy (CITP) released a study detailing their successful attempt to hack a Diebold AccuVote-TS, one of the most widely used voting machines in the United States. The researchers, Ariel J. Feldman, J. Alex Halderman, and Edward W. Felten, also posted a demonstration video of their hack.
The CITP is not the first group to demonstrate the vulnerability of Diebold's machines. BlackBoxVoting.org, Open Voting Foundation, and Johns Hopkins computer science professor Avi Rubin have all published accounts of security compromises in Diebold products. BlackBoxVoting.org wrote about their successful guerrilla project to swap out a Diebold voting machine's memory card using $12 worth of tools in four minutes (the Princeton team says it can execute its hack in one minute).
But the previous reports simply highlighted potential holes in the Diebold machines' security. The CITP study shows exactly how entire voting systems could be not just rendered inoperable, but deliberately hacked to rig an election. In fact, the CITP group developed a simple software virus to do just that, along with a method of deploying it.
The group's study had three main findings. First, the CITP group discovered that not only could it install malicious code on the voting machine, but also that the code could easily be configured to "disappear" once its work was done, leaving no trace of tampering; the electronic and paper records produced by the voting machine would agree--and both be wrong.
Second, they found that physically hacking into the machine and its memory card was easy, as BlackBoxVoting.org had also discovered. The Diebold AccuVote and similar machines rely on a removable memory card for storing vote counts and uploading new system software. The CITP team was able to remove the card, replace it with one of their own, and reboot the machine, causing it to automatically install the software they had placed on the memory card--the software that could fix election results.
The CITP's third finding was that its virus code could spread. The CITP showed that an infected machine could infect its original memory card, once the card was returned to the machine. Furthermore, the infected memory card, inserted into another voting machine, would infect that machine and then its memory card, and so on. In normal election procedures, memory cards are taken out of all voting machines and placed into one machine, which acts as an "accumulator" for tallying the total votes in a precinct. "By planting a virus far enough in advance, [a hacker] can ensure that a significant number of machines can steal votes on election day" even if the criminal had access to only one voting machine, says the narrator of the demonstration video.
"It's like the old days, when viruses were spread on floppy disks," says Princeton's Felten.
A conference presentation would have exposed flaws in some cash machines.
will provide voters with confidence that their votes have been recorded correctly. Electronic voting machines are "black boxes" that cannot ever be trusted completely. Let's not be in such a hurry -- we should vote on paper and take as many days as necessary to count the ballots by hand. The television networks would love it -- 5 days of suspense on which they could report, instead of just a few hours!
Michael Rodemer
In Canada we use paper ballots. At the end of the polling day, we count them up (about 1-1.5 hrs at the most), phone in our results to the constituency office who holds the results till they all come in, who then calls in the results to the federal election office. Results are known within 2 hrs of poll close, so by 11pm Pacific, we know who won the election and what the results were. This is with paper - very easy, very reliable and doesn't take 5 days to get results. The whole electronic thing seems to be more about the "cool" factor than the election's integrity and infallibility.
It is easy to snype at a developed technology and find flaws. The chalange for you is to find ways to make this technology secure. I am getting tired of the fault finders. If they are so smart, find a way to secure the process. I believe that many "hackers" have a low self esteem. They are compelled to find fault with others, rather than take the risk to develop something themselves. But then, someone will be snyping at them.
Guest (JH)
Please remember that in order to make devices like this secure, it is necessary to hack it in order to expose the flaws. The Diebold machines deserve a special emphasis since the company and its employees are big financial supporters of the current administration which has certainly been the subject of controversy on its election tactics.
Aren't you tired of taking a flaw in an vote counting machine and turning that into a political statement? You are suggesting that the engineers at Doiebold are complicit in a conspiracy to defraud the people. The Dieblod engineers probably went to MIT. I am positive that MIT does not encourage or promote duplicity. If you don't have a solution, stop complaining. I am tired of the widespread negativity that pervades this industry. As educated engineers we should applaud innovation and work to make it better. Sitting on the sidelines and criticizing is not productive. As a nation we respect the innovators, when was the last time you saw a statue to a critic?
The saddest part of all this is that this situation need never have arisen in the first place. Altera offers their Stratix II GX FPGA line, which includes an onboard 128 bit AES encryption system which will *ONLY* accept initilization code from a source that has properly encrypted the code with a key that is built into a one time programmable register in the FPGA. The register, and the decrypted initialization code are not accessible from outside the FPGA, so the code is as secure as anything *CAN* be. The likelihood of anyone finding a means of altering the control code of the voting machine is virtually nil.
Moreover, the cost of these FPGAs is quite low, not that cost should be a consideration in a crucial and sensitive application such as this one.
Diebold is and has been aware of the flaws and deficits in thier design all along, and ought to be required to refund every penny customers have spent in purchasing these machines.
Releasing these clearly flawed machines was a deliberate, cynical and self-serving social crime on the part of Diebold and its executives.
Voting machines should never be allowed to be proprietary designs. There is far too much secrecy in proprietary products, and such secrecy leads to the sorts of problems being seen in this instance. A Federal Design Commission ought to be appointed to design a voting machine that is tamper proof, verifiable, and has an open architecture, permitting ANY citizen to review and critique the design.
Open Source is the answer to the problem of reliable, trustworthy electronic voting machines. No proprietary design, developed by a corporation with profit as its primary goal, can be trusted sufficiently for this crucial and highly sensitive application. Even if we work on the assumption that a corporation would not deliberately allow a flawed design to go forward, out of social responsibility, the drive for profitability and time to market leaves too many holes, through which flaws and questionable designs can slip inadvertantly, due to the commercial focus necessary in a corporate environment.
It is strange to hear about the problems introduced by electronic voting when paper voting remains the most reliable system. Who is pushing the electronic voting agenda and what do they seek to gain from it?
Since this is a "technology review" site, I'm sure nukeisrael can provide citations of articles which show that inherent errors are less for paper voting than for electronic voting. I, for one, would be interested in seeing this data.
Also, there are many other vendors that do provide a "dual" paper record (VVPAT) system. It generally consists of a secure scorlling printer receipt veiwable by the voter. The voter reviews the entire paper receipt before submitting the ballot. There is a second record kept in the machine (which can be printed out from the machine) and a third record stored on a memory cartridge.
I think this kind of research does have merit, but the "hacks" need to be reported in context, and with regard to what other safeguards may/should be in place during an election.
I can hack a paper ballot box with a laser printer and a pen... Give me unfettered access to the "box" where the ballots go, and I can swap out 100% of the paper ballots with my own.
Tired of all the sniping and negativity? My! my! my!
Voting machines counting backwards, changing votes
right in front of the voters eyes. But we mustn't,
mustn't speak of such troubling possibilities,
must we(we of the software engineers).
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
This document is part of the “How-To Guide for Most Common Measurements” centralized resource portal. This tutorial provides a detailed guide for measurement and device considerations to take temperature measurements using thermocouples. Get an introduction to thermocouples, which are inexpensive sensing devices widely used with PC-based data acquisition systems. Also review some specific thermocouple examples and learn how thermocouples work and ways to integrate them into a data acquisition measurement system.
View full PDF >
Listen to story > 
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
wizwom
11 Comments
Not even a second tape
Cash registers have two printers - one with the customer receipt, a second with the accounting receipt.
The accounting receipt is in a hidden compartment. If the machines had a kept receipt which displayed through a lens the vote just cast, the voter could easily verify that that vote was recorded on the receipt correctly.
Then any fraud would have to make artificial copies of these vote-by-vote tapes to successfully steal votes - stealing the electronic votes would beuseless because a hand cound would catch it.
Reply