January 25, 2007 11:28 AM PST

Diebold reveals 'key' to e-voting?

by Anne Broache

Imagine if all it took to get inside widely-used Diebold electronic voting machines--perhaps with malicious intentions, such as installing tally-altering software on its memory card--was a photograph of the key to the system's physical lock.

Thanks to a little help from the e-voting outfit itself, it may actually be that simple, a security researcher from Princeton University suggested this week.

According to J. Alex Halderman, a computer science PhD student, a picture of the key published at Diebold's online store was a veritable blueprint for filing down ordinary hardware-store cabinet keys to an identical shape.

Ross Kinard of the site SploitCast, which calls itself "the podcast for hackers, geeks, and the security paranoid," alerted Halderman to the vulnerability. Kinard recently mailed three of his homemade keys to Halderman, who then successfully used them to unlock a Diebold AccuVote-TS machine.

Halderman had the machine on hand because he and his Princeton colleagues happened to test the same breed of paperless machine before arriving at a damning security assessment last fall. They estimated that system and an updated version would be used by about 10 percent of the voting population last year.

At the time, they said it would take only seconds to pick the lock guarding the machine's memory card--and beyond that, it could be opened with the same keys typically used with hotel minibars and jukeboxes. With less than one minute of physical access to a machine, a hacker could install corruptive software on the memory cards inside, the study reported.

The latest incident is another strike against Diebold, as any security-conscious vendor should know better than to let slip a picture of something like a key, Halderman said. "The shape of a key is like a password," he wrote, "it only provides security if you keep it secret from the bad guys."

As of Thursday morning, the original key photo had disappeared from the site, replaced by a "smart key security key card." What purports to be the original screen shot and photo has already been immortalized on some blogs.

In a telephone interview, Diebold spokesman Mark Radke said the photograph had been removed because of the blogosphere buzz. He acknowledged that a single key can unlock every voting machine within a particular Diebold model but defended the decision.

"Can you imagine, if the wrong keys went to the wrong precincts the morning of the election, what would happen?" he asked.

If a jurisdiction ever wants to change its keys and locks, "that can certainly be done," he added, but the locks are "just one layer of many physical layers of security" on the company's machines.

If someone duplicated a key, he also would have to break a seal on the machine to get to the lock, and that would be visible to others, Radke said.

"These are people that don't have election experience making some of these comments," he said.
