Diebold reveals 'key' to e-voting?

CNET ^ | January 25, 2007 | Anne Broache

[antiRepublicrat]

Imagine if all it took to get inside widely-used Diebold electronic voting machines--perhaps with malicious intentions, such as installing tally-altering software on its memory card--was a photograph of the key to the system's physical lock.

Thanks to a little help from the e-voting outfit itself, it may actually be that simple, a security researcher from Princeton University suggested this week.

According to J. Alex Halderman, a computer science PhD student, a picture of the key published at Diebold's online store was a veritable blueprint for filing down ordinary hardware-store cabinet keys to an identical shape.

Ross Kinard of the site SploitCast, which calls itself "the podcast for hackers, geeks, and the security paranoid," alerted Halderman to the vulnerability. Kinard recently mailed three of his homemade keys to Halderman, who then successfully used them to unlock a Diebold AccuVote-TS machine.

[antiRepublicrat]

Does anyone really think Diebold has a clue about security?

[Lunatic Fringe]

e-Voting sucks. I refuse to use an e-vote machine.

[IllumiNaughtyByNature]

tagline bump

[KarlInOhio]

Does anyone really think Diebold has a clue about security?

If you just tap twice on the top of a Diebold ATM and then push on the screen it will pop open and you can take all the cash from it.

And yes, that is sarcasm.

[rednesss]

I read about this yesterday, certainly reminds you of watching Keystone Cops or the Three Stooges. How does a company so inept, manage to make billions of $$$$$$$$$$$$??????

[NonValueAdded]

Doesn anyone think legitimate keys in the hands of a democRATically controlled elections office are any safer?

[antiRepublicrat]

I never would have thought to try to make a key from those photos. The idea that a company would be stupid enough to post a photo of an actual working key instead of a sample just didn't occur. But I'm learning now to never underestimate Diebold's stupidity when it comes to security.

Of course, I didn't realize how low-security their keys were until I saw this photo (I heard they were standard keys, but not this cheap). Anyone with only a little training can easily pick the locks these keys normally go to rather quickly. When I think of a voting machine, I think it may be locked with something like a smaller version of this:

It has at least the basic features: controlled access to blanks, mushroom pins (makes you think you've picked it, but you haven't) and side pins (interfere with picking). It's also hardened steel and brass. Diebold just got their locks from a regular bulk supplier -- cheap crap that you may use to protect your office supplies, but no more than that.

[antiRepublicrat]

Doesn anyone think legitimate keys in the hands of a democRATically controlled elections office are any safer?

That was my main worry in the last election. Who knows, that may be why they won.

[L98Fiero]

I want to go back to the old secure way where you essentially handed your ballot over to a group of senile old Democrats to determine who your vote was for.

At least The Great Diebold Conspiracy is something FReepers and DUers can agree on.

[showme_the_Glory]

If you just tap twice on the top of a Diebold ATM and then push on the screen it will pop open and you can take all the cash from it.

Sheesh, don't tell everybody.

[antiRepublicrat]

If you just tap twice on the top of a Diebold ATM and then push on the screen it will pop open and you can take all the cash from it.

Cute. I should have been more specific. I meant the Diebold Election Systems subsidiary of Diebold, which was called Global Election Systems, Inc. before Diebold bought it in 2002. Diebold hasn't managed to clean up the lax security of its purchase, but it's still Diebold for now.

[CharlesWayneCT]

According to the web page, that only gets you to the printer stuff and the batteries.

And it looks like you can just order the keys, so why would you painstakingly make them from the picture? Just send them the six bucks.

The real security (the ONLY security) for a voting machine is the physical security of the people we entrust to watch them. Locks are meaningless, programing is meaningless. We trust the people we put in charge, and that's all there is.

[Lx]

They make ATM machines so they know how. Whether they do is another story.

[weegee]

Do they have one master key that they use or different keys for different boxes?

Seems a security breach to allow anyone to order the master key and to photograph THAT exact key for the catalog. Or is this being blown out of propotion a bit?

[weegee]

Death penalty for those convicted of conspiracy to commit vote fraud would do a lot to prevent such attempts.

[cripplecreek]

I'm happy with my fill in the oval, paper ballot.

[KC_Conspirator]

The real fraud is in hand counted ballots that democrats have been committing fraud with for decades. (For example, Florida 2000 and Cuyahoga County Ohio just recently). This whole Diebold thing is a red herring. Also did you noticed that for years the dems have claimed fraud, with the exception of 2006, when they won?

[toast]

Hmmm.

Do they have a page with master keys for ATMs?

[cripplecreek]

The best security is close scrutiny of the counting process. Look at Detroit, the fraud there has to do more with nonexistant voters and accepted fraud during the counting process than anything else.

[TChad]

For those who missed it, here's the Princeton study on hacking a Diebold voting machine.

Ballotless voting is an election fraud scandal waiting to happen.

Voting machines are OK so long as they produce printed ballots that can be read by the voter, and those ballots can be counted by hand to verify the computer/machine count. It is very hard to hack a large number of individual pieces of paper without leaving evidence of the crime.