A few weeks ago, security engineers discovered that the most popular models of electronic voting machines made by Diebold, the same company embroiled in controversy during the 2004 elections, were riddled with security holes and backdoors that were serious enough to make engineers wary of anyone who could ever use them, and demonstrate how incredibly easy it is to manipulate them, leading some security researchers to call the security flaws the “worst ever” in such a sensitive device.
Deibold plans to replace or repair the problems in time for the November 7th 2006 elections, but what’s so unnerving about the problem is that Diebold executives are speaking about the vulnerabilities as though they are features and not problems. For example:
Finnish security researcher Harri Hursti discovered backdoors in the systems boot loader software, in the OS, and in the Ballot Station software that it runs to tabulate votes.
“These are built-in features, all three of them,” said Black Box Voting Founder Bev Harris. If a malicious person had access to a Diebold machine, the back doors could be exploited to falsify election results on the system, she said.
A Diebold spokesman did not dispute Hursti’s findings, but said that Black Box Voting was making too much of the matter because the systems are intended to remain in the hands of trusted election officials.
“What they’re proposing as a vulnerability is actually a functionality of the system,” said spokesman David Bear. “Instead of recognizing the advantages of the technology, we keep ringing up ‘what if’ scenarios that serve no purpose other than to confuse and in some instances frighten voters.”
Nevertheless, Diebold plans to address the issue in an upcoming version of the product, which will use cryptographic keys to ensure that only authorized software is installed on the machine, Bear said. He could not say when this feature would be added, but said that it could be available in time for the November 7 general election in the U.S.
This isn’t the first time Diebold has landed itself in hot water due to poorly designed voting machines; Diebold was taken to task during the 2000 and 2004 elections for the vulnerabilities that plagued their Windows CE voting systems. PC World has the full story below: