Yet Another Flaw found in the Diebold Electronic Voting Machines
Freedom to Tinker: Another Broken Diebold Protocol
The Diebold voting machines are so ridiculously insecure. To even use the word "secure" when discussing them is difficult without a grin or a grimace, and still, they will be used in elections in November.
The Diebold system allows a polling place administrator to use a smartcard to control a voting machine, performing operations such as closing the polls for the day. The administrator gets a special administrator smartcard (a credit-card-sized computing device) and puts it into the voting machine. The machine uses a special protocol to validate the card, and then accepts commands from the administrator.
This is a decent plan, but Diebold botched the design of the protocol. Here's the protocol they use:
terminal to card: "What kind of card are you?"
card to terminal: "Administrator"
terminal to card: "What's the password?"
card to terminal: [Value1]
terminal to user: "What's the password?"
user to terminal: [Value2]
If Value1=Value2, then the terminal allows the user to execute administrative commands.
Like yesterday's protocol, this one fails because malicious users can make their own smartcard. (Smartcard kits cost less than $50.) Suppose Zeke is a malicious voter. He makes a smartcard that answers "Administrator" to the first question and (say) "1234" to the second question. He shows up to vote, signs in, goes into the voting booth, and inserts his malicious smartcard. The malicious smartcard tells the machine that the secret password is 1234; when the machine asks Zeke himself for the secret password, he enters 1234. The machine will then execute any administrative command Zeke wants to give it.
For example, he can tell the machine that the election is over.
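The flaw in one sentence: the terminal holds no secret of its own, so it ends up comparing two values that are both chosen by whoever inserted the card. As an added illustration (this is not Diebold's code, nor code from the Freedom to Tinker post), the simulation below models the exchange described above with both a genuine administrator card and Zeke's home-made card, then contrasts it with a repaired terminal that keeps its own password verifier and challenges the card with a fresh nonce. The card key, password, nonce handling and HMAC challenge-response are assumptions of the example, not anything the page attributes to the real system.

```python
"""Simulated administrator-smartcard protocol (added example, not Diebold's code).

Two terminal designs are modelled:
  * broken_terminal(): compares the password the CARD reports with the password
    the USER types, which is the flaw described above; both values are under
    the attacker's control.
  * HardenedTerminal: holds its own verifier, challenges the card with a fresh
    nonce and checks an HMAC under a key only genuine cards carry, then checks
    the typed password against its own stored hash.

All keys, passwords and the forged "Zeke" card are constructed for this example.
"""
import hashlib
import hmac
import secrets


class GenuineAdminCard:
    """Card issued by election officials: knows the card key and the real password."""

    def __init__(self, card_key: bytes, password: str):
        self._card_key = card_key
        self._password = password

    def card_type(self) -> str:
        return "Administrator"

    def reveal_password(self) -> str:
        # Broken protocol: the card simply tells the terminal the password (Value1).
        return self._password

    def answer_challenge(self, nonce: bytes) -> bytes:
        # Hardened protocol: prove possession of the card key without revealing it.
        return hmac.new(self._card_key, nonce, hashlib.sha256).digest()


class ForgedCard:
    """Zeke's home-made card: claims to be an administrator and reports whatever
    password Zeke chose. It does not have the issuing key."""

    def __init__(self, chosen_password: str):
        self._chosen_password = chosen_password

    def card_type(self) -> str:
        return "Administrator"

    def reveal_password(self) -> str:
        return self._chosen_password

    def answer_challenge(self, nonce: bytes) -> bytes:
        # Without the key the best a forger can do is guess.
        return secrets.token_bytes(32)


def broken_terminal(card, typed_password: str) -> bool:
    """The protocol as described on the page: accept if Value1 == Value2."""
    if card.card_type() != "Administrator":
        return False
    value1 = card.reveal_password()  # supplied by the card (attacker-controlled)
    value2 = typed_password          # supplied by the user (attacker-controlled)
    return value1 == value2          # the terminal contributes no secret of its own


class HardenedTerminal:
    """Terminal that keeps its own secrets and never takes the card's word for them."""

    def __init__(self, card_key: bytes, admin_password: str):
        self._card_key = card_key
        self._salt = secrets.token_bytes(16)
        self._pw_hash = self._hash_password(admin_password, self._salt)

    @staticmethod
    def _hash_password(password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def authenticate(self, card, typed_password: str) -> bool:
        if card.card_type() != "Administrator":
            return False
        # 1. The card must prove it holds the issuing key (challenge-response).
        nonce = secrets.token_bytes(16)
        expected = hmac.new(self._card_key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, card.answer_challenge(nonce)):
            return False
        # 2. The user proves the password to the terminal's stored verifier,
        #    not to a value the card handed over a moment earlier.
        candidate = self._hash_password(typed_password, self._salt)
        return hmac.compare_digest(candidate, self._pw_hash)


# Constructed scenario matching the narrative above
CARD_KEY = secrets.token_bytes(32)
REAL_PASSWORD = "correct-horse-battery"
official_card = GenuineAdminCard(CARD_KEY, REAL_PASSWORD)
zeke_card = ForgedCard("1234")


def run_scenarios() -> dict:
    terminal = HardenedTerminal(CARD_KEY, REAL_PASSWORD)
    return {
        "broken/official": broken_terminal(official_card, REAL_PASSWORD),
        "broken/zeke": broken_terminal(zeke_card, "1234"),            # forged card accepted
        "hardened/official": terminal.authenticate(official_card, REAL_PASSWORD),
        "hardened/zeke": terminal.authenticate(zeke_card, "1234"),    # rejected at step 1
        "hardened/official-wrong-pw": terminal.authenticate(official_card, "1234"),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name:28s} {'ACCEPTED' if ok else 'rejected'}")
```

Running it shows the broken terminal accepting Zeke's card with "1234" just as it accepts the official card, while the hardened terminal rejects the forged card at the challenge step and rejects a genuine card when the typed password is wrong. The point of the design is that the card and the user each have to convince the terminal of something the terminal already knows how to check; neither party gets to supply the value it is then measured against.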