Hotel minibar key opens Diebold voting machine!!!!

Freedom-to-Tinker ^ | Monday September 18, 2006 | Ed Felten

[dickmc]

Like other computer scientists who have studied Diebold voting machines, we were surprised at the apparent carelessness of Diebold’s security design. It can be hard to convey this to nonexperts, because the examples are technical. To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered on removable storage are rookie mistakes; but nonexperts have trouble appreciating this. Here is an example that anybody, expert or not, can appreciate:

The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.

On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.

This seemed like a freakish coincidence — until we learned how common these keys are.

Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.

Using such a standard key doesn’t provide much security, but it does allow Diebold to assert that their design uses a lock and key. Experts will recognize the same problem in Diebold’s use of encryption — they can say they use encryption, but they use it in a way that neutralizes its security benefits.

The bad guys don’t care whether you use encryption; they care whether they can read and modify your data. They don’t care whether your door has a lock on it; they care whether they can get it open. The checkbox approach to security works in press releases, but it doesn’t work in the field.

*******************************************

Also, see the Princeton site at http://itpolicy.princeton.edu/voting/ for the related Security Analysis of the Diebold AccuVote-TS Voting Machine

[WildBill2275]

The Dems will arrange an easily found hack to give more votes to a Republican who would have won anyway and use it to have the election overturned claiming they were the real winners.

[ibbryn]

I don't know why some Freepers are discounting this story. There are reams of documentation proving that the electronic voting machines suck. This (should be) is just another nail in the coffin.

This is one area where the average right-wing citizen can find common ground with the average left-wing citizen. I believe the average joe-in-the-street, left or right, wants a fair vote. Average joes on both sides of the aisle should band together and demand voting machines that can't be hacked. Everyone wins.

[Holicheese]

There was a great picture on the Howie Carr website of a Union "official" or thug, in the voting booth telling the union member who to vote for.
Good stuff.

[Balding_Eagle]

The same keys also unlock the SS Lockbox.

[mickey blue eyes]

this should make Ted Kennedy happy now he only has carry 1 key

[Sender]

It is all preparatory disinformation for the possibility that the Dems will LOSE. They must lay the groundwork to be able to claim it was not the will of the people.

[Wormwood]

Average joes on both sides of the aisle should band together and demand voting machines that can't be hacked. Everyone wins.

There are many conservatives who wouldn't believe a Democrat if he claimed that water was wet and the sky blue.

Identity politics. Divide and conquer.

Fun, huh?

[The Brush]

A video of how to unlock a voting machine was posted at D.U. The libs had their anger out in full force certain that the Republicans had stolen the election in 2004.
Here's a link to the video
http://www.youtube.com/watch?v=aZws98jw67g#ydhMxZ-XMNc
The discussion is ongoing

[jakerobins]

You trust these? http://history.sandiego.edu/gen/USPics43/2000-florida-recount01b.jpg

[technomage]

or maybe a cabal of diebold machine genius poll workers working in unison across the country.

You forgot the tinfoil hat alert!!

[AFreeBird]

A hard drive, though, gives the same number back every time and there is little room to wiggle or lie.

LOL.. Well, that all depends on the tools you have at your disposal and how the system is set up. As mentioned in the article:

To security practitioners, the use of a fixed, unchangeable encryption key and the blind acceptance of every software update offered on removable storage are rookie mistakes...

The bad guys don’t care whether you use encryption; they care whether they can read and modify your data. They don’t care whether your door has a lock on it; they care whether they can get it open. The checkbox approach to security works in press releases, but it doesn’t work in the field.

It sounds like there are some issues with the system. And issues can and will lead to problems, and problems can and will lead to major headaches.

I wonder what bit level their encryption keys are; 16 bit? ;-/

[MarkL]

And another Urban Legend is born!

They demonstrated the hack on Fox and Friends, and in the "election," although 3 votes were cast for George Washington, the final tally was 2 votes for Benedict Arnold, one for Washington.

The fact that there's no paper trail really bothers me.

Mark

[freepatriot32]

Libertarian ping.To be added or removed from my ping list freepmail me or post a message here

[JennysCool]

And, of course, the hilarious thing is the Libs were screaming for electronic voting following the 2000 election. They got it, didn't get the results they were looking for, and now they're screaming against it.

They'll simply never admit that trying to shoehorn their antiquated '60s agenda into the modern world is their real problem.

[Lancey Howard]

Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.

Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer.

_________________________________________

Har!!!!

"Say there! May I have a look at that key?"
"Sure, have a look."
"Hmmmm.... The alphanumeric code on this key looks familiar. Yes, I remember! I once had a key like that about fifteen years ago."

Case closed.

[KoRn]

Damn! We've been busted!!!!!

[Lancey Howard]

These commies are just mad because its a lot harder to cheat with a Diebold than it is with chads and the idiots that used to steal elections for the democraps can't do it any more.

Exactly! The proof is in the pudding. It's the scumbag crybaby Democrats, not the Republicans, who are constantly whining about the machines and there's only one reason I can think of - - the rats can't cheat as easily. Therefore, give me the machines.

It ain't rocket surgery.

[KingofQue]

You Are The Man. I Should Have Used All Capitals!

[Petronski]

Brilliant! LOL