Saturday, February 14, 2004
cut-and-paste from other blog
Ok, here's the thing with electronic voting.
Even if it is done very well it still sucks.
The people who think about e-voting examine very complex scenarios where problems could occur. Maybe they should worry less about complex crypto and more about trivial exploits.
The current implementations aren't even close to being done very well.
The current implementations are some sort of amateur hour cr@p job.
Anyone with slight computer knowledge could hack these machines. Seriously.
The most basic security precautions have not been taken.
RABA report on Diebold voting machines (PDF). Via SE.
The central reporting station (GEMS) is basically a consumer Windows machine.
An unpatched consumer Windows machine.
I'm not even talking about code vulnerabilities. I'm talking trivial OS vulnerabilities that anyone who has any concept of HOME computer security, let alone election-class security, should have patched immediately.
Here's the list they came up with just for the central server:
1. The GEMS server lacks several critical security updates from Microsoft.
2. Given physical access to the server, one can insert a CD that will automatically upload malicious software, modify or delete elections, or reorder ballot definitions.
3. The back panel of the GEMS server is not protected. Given physical access to a running device it is possible to insert a USB flash drive and upload malicious software onto the server.
4. Boot off a CD. By removing the front panel of the server (this is held in place by a small keyed lock), one can insert a CD, power up the server, and have it boot its operating system off the CD. This gives the attacker complete control over the device.
5. Modify election database. Given either physical or remote access (see below) it is possible to modify the GEMS database.
6. Social Engineering/Phone line hijacking: The procedure by which precincts upload votes to their LBE is vulnerable to a "man-in-the-middle" attack. This is a result of an incomplete implementation of the SSL protocol. Specifically, the team demonstrated how a laptop could act as a GEMS server.
7. Patches and Updates. The team identified fifteen additional Microsoft patches that have not been installed on the servers. In addition, the servers lack additional measures (all considered best practice) for defense such as the use of firewall antivirus programs as well as the application of least privilege, i.e. turning off the services that are unused or not needed. Each of these represents a potential attack vector for the determined adversary.
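
Item 6 comes down to the uploading client never proving who it is talking to. The sketch below is an added example, not code from the RABA report or from Diebold: it assumes the gap is missing server-certificate validation, uses Python's `ssl` module, and the certificate bytes, pin and function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl

# Constructed stand-ins for DER-encoded certificates (not real certificates).
GENUINE_SERVER_DER = b"constructed-der-bytes-of-the-real-server-cert"
IMPOSTER_DER = b"constructed-der-bytes-of-some-other-machine"

# Pin handed to precinct clients out of band (hypothetical provisioning step).
PINNED_SHA256 = hashlib.sha256(GENUINE_SERVER_DER).hexdigest()


def weak_context() -> ssl.SSLContext:
    """Encrypts the link but authenticates nobody: whoever answers is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def strict_context(ca_file=None) -> ssl.SSLContext:
    """Requires a chain to a trusted CA and a certificate matching the hostname."""
    return ssl.create_default_context(cafile=ca_file)


def cert_matches_pin(peer_der: bytes, pinned_hex: str) -> bool:
    """Constant-time comparison of the peer certificate's SHA-256 with the pin."""
    digest = hashlib.sha256(peer_der).hexdigest()
    return hmac.compare_digest(digest, pinned_hex.lower())


def upload_results(host, port, payload, pinned_hex, ca_file=None) -> None:
    """Send results only after the server passed chain, hostname and pin checks."""
    ctx = strict_context(ca_file)
    with socket.create_connection((host, port), timeout=10) as raw:
        # The handshake fails here if the chain or hostname does not verify.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            peer_der = tls.getpeercert(binary_form=True)
            if not cert_matches_pin(peer_der, pinned_hex):
                raise ssl.SSLError("server certificate does not match the pin")
            tls.sendall(payload)
```

With `weak_context()` the handshake succeeds against any endpoint; with `upload_results()` a machine that lacks the pinned certificate and its private key is rejected before any results are sent.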