Electronic Voting Virus Demonstrated
Today, Ari Feldman, Alex Halderman, and Ed Felten of Princeton University posted their security analysis of a Diebold AccuVote-TS electronic voting machine. This type of voting machine was used in several elections yesterday.
Electronic voting machines are basically repackaged personal computers that run election software. The researchers exploited significant flaws in the hardware, software, and the procedures that election officials would use to run an election based on Diebold AccuVote-TS voting machines to develop both election-stealing software as well as a virus that can spread such malicious software.
The security analysis includes a video and a detailed report. (There is a companion posting on the Freedom to Tinker site.) The video includes a demonstration of a mock election with a race between George Washington and Benedict Arnold. The votes are cast 4-1 in favor of Washington but the machine reports a 3-2 win by Arnold. The election-stealing software leaves no trace that the results are fraudulent. Significantly, the malicious software can be installed on a given machine in under a minute. The viral spread of the software can occur in multiple ways. In particular, it can spread when the election machines are initialized before an election with names of the candidates in each race.
In related news, Diebold AccuVote-TS voting machines were used in Montgomery County, Maryland, where election staffers mistakenly left voting cards behind in a warehouse. As reported, Circuit Court Judge Eric M. Johnson issued an order to extend the election by an hour to accommodate voters that were turned away in the morning.
