LWN on Voting Machines


LWN.net has a good summary of the latest developments in the voting machine scandal.

This has been a bad few weeks to be a voting machine vendor. Three separate governments, California, Florida and the UK looked at the devices and have come to remarkably similar conclusions. The machines they looked at are poorly designed, poorly implemented and subject to a wide variety of security threats. None of the studies mentioned it, but it is likely that the machines looked great.

In particular…

The teams were able to defeat the physical security of the voting machines, modify or overwrite the software in the machines as well as subvert the tabulation machines in order to provide incorrect vote counts. All of this just by having access to the machines themselves; the same access that election officials, poll workers and, to a lesser extent, voters, have.

Several days later, the source code teams’ reports were released and, at that point, were almost anti-climactic. Unsurprisingly, they found numerous, hideous source code flaws in all three systems. Buffer overflows, hard coded passwords (‘diebold’ being a particularly difficult one to guess), misuse of encryption, integer overflows (wrapping vote counts to negative or zero perhaps); the list goes on and on. It is as if the voting machine vendors are completely unaware of the last twenty (or thirty or forty) years of software security flaws.