Tuesday, Sep 27, 2011 08:01 ET
.....Voting machine companies and election officials have long sought to protect source code and the memory cards that store ballot programming and election results for each machine as a way to guard against potential outside manipulation of election results. But critics like California Secretary of State Debra Bowen have pointed out that attempts at "security by obscurity" largely ignore the most immediate threat, which comes from election insiders who have regular access to the e-voting systems, as well as those who may gain physical access to machines that were not designed with security safeguards in mind.
"This is a fundamentally very powerful attack and we believe that voting officials should become aware of this and stop focusing strictly on cyber [attacks]," says Vulnerability Assessment Team member John Warner. "There's a very large physical protection component of the voting machine that needs to be addressed."
The team's video demonstrates how inserting the inexpensive electronic device into the voting machine can offer a "bad guy" virtually complete control over the machine. A cheap remote control unit can enable access to the voting machine from up to half a mile away.
"The cost of the attack that you're going to see was $10.50 in retail quantities," explains Warner in the video. "If you want to use the RF [radio frequency] remote control to stop and start the attacks, that's another $15. So the total cost would be $26."
The video shows three different types of attack, each demonstrating how the intrusion developed by the team allows them to take complete control of the Diebold touch-screen voting machine. They were able to demonstrate a similar attack on a DRE system made by Sequoia Voting Systems as well.
In what Warner describes as "probably the most relevant attack for vote tampering," the intruder would allow the voter to make his or her selections. But when the voter actually attempts to push the Vote Now button, which records the voter's final selections to the system's memory card, he says, "we will simply intercept that attempt ... change a few of the votes," and the changed votes would then be registered in the machine.
"In order to do this," Warner explains, "we blank the screen temporarily so that the voter doesn't see that there's some revoting going on prior to the final registration of the votes."
This type of attack is particularly troubling because the manipulation would occur after the voter has approved as "correct" the on-screen summaries of his or her intended selections. Team leader Johnson says that while such an attack could be mounted on Election Day, there would be "a high probability of being detected." But he explained that the machines could also be tampered with during so-called voting machine "sleepovers" when e-voting systems are kept by poll workers at their houses, often days and weeks prior to the election or at other times when the systems are unguarded.
"The more realistic way to insert these alien electronics is to do it while the voting machines are waiting in the polling place a week or two prior to the election," Johnston said. "Often the polling places are in elementary schools or a church basement or some place that doesn't really have a great deal of security. Or the voting machines can be tampered while they're in transit to the polling place. Or while they're in storage in the warehouse between elections," says Johnston. He notes that the Argonne team had no owner's manual or circuit diagrams for either the Diebold or Sequoia voting systems they were able to access in these attacks.
The team members are critical of election security procedures, which rarely, if ever, include physical inspection of the machines, especially their internal electronics. Even if such inspections were carried out, however, the Argonne scientists say the type of attack they've developed leaves behind no physical or programming evidence, if properly executed.