Comments on: Voting rom swapped in 60 seconds

By: srilyk

srilyk — Mon, 18 Jun 2007 18:03:42 +0000

Heh… I think we should elect Linus Torvalds as president ^_^

By: ken

ken — Mon, 18 Jun 2007 00:39:15 +0000

good now we can stop bush from becoming pres again

By: f3@rn0#vi1

f3@rn0#vi1 — Sun, 17 Jun 2007 05:37:21 +0000

I’m all for moving in to the 21st century and all, but i still think the most electronic thing I want to see in a voting booth is the light over my head.

By: Matthew Carrick

Matthew Carrick — Fri, 15 Jun 2007 01:12:41 +0000

Ready? Paper ballots. Thank you.

By: jack

jack — Fri, 15 Jun 2007 01:09:26 +0000

This video has to be one of the scariest thing I have ever seen.

By: tony

tony — Fri, 15 Jun 2007 00:33:11 +0000

Stealing an election with electronic voting machines poses a much greater risk than a paper vote. Depending on the type of attack, a single compromised machine could affect the results of entire districts or regions.

http://arstechnica.com/etc/How_to_steal_an_election-ArsTechnica.pdf

By: carlton

carlton — Wed, 13 Jun 2007 22:02:19 +0000

There is no excuse for this crap. The machines (I’ve read elsewhere) use old LS7400 series logic, popular in the 80’s! For christ sake, get a PLD or FPGA in there!

@cailen: All modern microcontrollers made in the last decade (basically) can do in-circuit programming and debugging, meaning you just plug in a cable and flash the ROM. There is *no* reason for sockets in production! These should all be small surface mount chips soldered down and epoxyed over the pins (or something). It looks like they just went through an ancient parts bin and grabbed what they could. Seriously, it’s pathetic.

As far as security, it’s ridiculous (as seen in the video). One approach would be to use some sort of public key encryption system were registered voters get a key. Of course, that doesn’t really protect against these man-in-the-middle attacks if you can easily modify the hardware!

By: dave

dave — Wed, 13 Jun 2007 19:01:51 +0000

i think that even during election days units like these are still very vulnerable. my district votes with a kiosk setup similar to this in an old country school. i dont think that large, well-manned, closely-watched voting stations are the big targets here, but small ones in rural settings.

where i vote, and in most districts where i vote where the elections happen at country schools, old store buildings, etc., this would be easy to pull off.

im not in favor of doing so, but the fact that a couple of us could do it so quickly and so easily, well, thats something scary.

i agree that the makers of these machines need to open their original specs up to the hacking community [and make those machines obsolete immediately.]. the hacking community, much like the free market, will always yield the most effective results.

By: cyplesma

cyplesma — Wed, 13 Jun 2007 18:26:29 +0000

electronic voting machines, ha.
I don’t know why some people forget the bigger something is the harder it falls, or in this case the more you squeeze your grip the more people slip though, oops I mean the more you try to hack proof something the easier the back door illuminates itself. there that last one was an original. 8 )

By: rafael.ct

rafael.ct — Wed, 13 Jun 2007 12:10:53 +0000

Don't you guys think that some politicians want theses machines to be unsafe? Wake up..

It is not that hard to make a system a little more secure.. just have a second system inside the case (disconnected from the voting system) checking all the important parts (like rom checksums and case integrity using sensors) and have this second system triggering an alarm on a network or even audible if anything is messed with.

The online server system would work only IF no connection between the voter and the vote is recorded. A paper could be printed in the machine for the voter assigning a random number (a password) to its vote (also in the paper). This way anyone could check its vote later and would not have its identity revealed.

By: tAK

tAK — Wed, 13 Jun 2007 12:10:49 +0000

Pretty cool way to show a flaw in a product.
In Australia, its all done by hand anyways.

and call me stupid, but how did you get the youtube video timer to count down (from 60), instead of go up?

I have never seen it before.

By: zeek g

zeek g — Wed, 13 Jun 2007 09:00:55 +0000

For those of you saying, it has a lock or people watch it. There are things in this world called corrupt politicians, and they do terrible things for money and power. 60 seconds alone with that box would not be that big of a bribe.

Also the votes could have encryption, but if the key was bribed off someone, then you could program the ROM with the encryption. And if they use these things in a state, think of a politician having a systematic attack on many of the major polling places. Even if there are countermeasures governments always love cheap stuff, so how many things are promised to be implemented, but never are.

By: Wolf

Wolf — Wed, 13 Jun 2007 07:37:43 +0000

I was just thinking, what if all votes were registered over the net on a couple of redundant servers, onto which people could log in and check their votes. It would be much more efficient, and, due to peoples ability to varify their votes, near tamper proof on the client end, (Unless someone was able to hack the server software that is)

By: MRE

MRE — Wed, 13 Jun 2007 06:52:12 +0000

Slot machine tape: works really well to verify that the rom has not been tampered with… unless: 1: someone else gets ahold of a roll of tape. 2: someone uses slight of hand to swap the roms after the verifier tests the rom but before he/she inserts and tapes the rom. both cases have occured in vegas, and it took months to years to find out about.

chainging the vote: it takes a lot of time to destry and replace paper ballots. It takes mere seconds to do the same in digital form. There are a million things that computers are better at, but secure voting isn’t one of them. In paper ballot cases, hundreds of volunteers are caretakers of perhaps a few thousand votes each person. In digital form, a few ‘volunteers’ are checking millions of votes each. The right people, in the right place, with 5 seconds to kill.. can swing a digital election any way you want it to go.

without biometric voter verification and vote full visability, electronic elections are a sham. (vote visability means that 1: a voter can at any time see the result of their vote.. even years later, to verify that their vote still ‘exists’ somewhere, and was counted.) a paper trail exists for paper votes up to three years. virtually nothing exists in any true and unalterable form in the digital realm.

By: Tordre

Tordre — Wed, 13 Jun 2007 05:29:20 +0000

But not replacing all of the screws will just let the people know it was tampered with. With this sort of hack the less change average people see the easier it is to get away.

my suggestion slow down people by adding more screws and make their own screw head much like Nintendo did with their tri-wing screw, or Macdonald's happy meal triangle screw (i am still not sure why they don't want you to take apart their toys, maybe they have tracking devices built in they they don't want you finding out about)

but in the end you can only slow them down, and make it so that changes will be visible. With the way the current election system is run there is nothing you can do to prevent them from modifying the results, whether it is voiding a machines votes or actually getting away with changing the data.