?1279807942
ES&S e-Voting System Used in California Cracked Wide Open
By Ryan Paul | Last updated December 5, 2007 9:01 AM
Earlier this year, California Secretary of State Debra Bowen established strict new standards for electronic voting machines, requiring independent code audits, Red Team security testing, and support for paper records. The Red Team testing process primarily involves subjecting the machines to review by security experts who attempt to hack the software and bypass the physical security mechanisms. Recent Red Team tests of ES&S voting machines have uncovered serious security flaws.
Previous Red Team tests commissioned by the state of California revealed significant vulnerabilities in devices sold by Diebold and Sequoia. At the time, ES&S declined to participate in the testing, citing lack of preparedness. The tests on the ES&S machines were finally conducted in October, and the results, which were recently published (PDF), show that products from ES&S are as insecure as the rest.
The first round of tests focused on the physical security of the Polling Ballot Counter (PBC), which the Red Team researchers were able to circumvent with little effort. "In the physical security testing, the wire- and tamper-proof paper seals were easily removed without damage to the seals using simple household chemicals and tools and could be replaced without detection," the report says. "Once the seals are bypassed, simple tools or easy modifications to simple tools could be used to access the computer and its components. The key lock for the Transfer Device was unlocked using a common office item without the special 'key' and the seal removed."
After bypassing the physical security of the voting machines, the Red Team researchers were able to gain direct access to all of the files on the systems, including password files. "Making a change to the BIOS to reconfigure the boot sequence allows the system to be booted up using external memory devices containing a bootable Linux copy," according to the researchers. "Once done, all the files can be accessed and potentially modified, including sensitive files such as the password file which can be cracked by openly available cracker programs. New users may be added with known passwords and used by the same attacker or other attackers later."
snip
http://arstechnica.com/security/news/2007/12/security-testing-uncovers-severe-security-flaws-in-ess-voting-machines.ars