The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Diebold disclosed e-voting key on website

Posted by Xavier Ashe on January 27, 2007

Electronic voting machine firm Diebold is once again the subject of
an embarrassing security gaffe after hackers created keys capable of opening voting machines from pictures posted on its website.

Two of three keys crafted by Ross Kinard of SploitCast were capable
of opening a voting machine obtained by Princeton University for
testing purposes. It's tempting to think, given the apparent ease of
the attack, that the locks are simple enough to be opened by anyone
with a basic knack for lockpicking.

Diebold has removed the offending images, replacing them with
pictures of digital card keys but that's akin to closing the gate after
the horse has bolted. Access to the key would allow tamperers to slip
in a memory card containing a virus or, even worse, tally-altering
software. In theory, security tape ought to be posted over the
compartment to detect such tampering, but that relies on election
officials checking for problems.

To make matters worse, the filing cabinet-style key is the same across all Diebold voting machines of the same model.

From The Register.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: