Diebold Voting Machines
Vulnerable to Virus Attack
— long distance
An analysis of Diebold's source code shows that a hacker with access to a single voting
machine could use a virus to affect an election.
Sumner Lemon, IDG News Service
Thursday, August 02, 2007 11:00 PM PDT

Diebold Election Systems Inc. voting machines are not secure enough to guarantee a trustworthy
election, and an attacker with access to a single machine could disrupt or change the outcome of an
election using viruses, according to a review of Diebold's source code.

"The software contains serious design flaws that have led directly to specific vulnerabilities that
attackers could exploit to affect election outcomes," read the University of California at Berkeley
report, commissioned by the California Secretary of State as part of a two-month "top-to-bottom"
review of electronic voting systems certified for use in California.

The assessment of Diebold's source code revealed an attacker needs only limited access to
compromise an election.

"An attack could plausibly be accomplished by a single skilled individual with temporary access
to a single voting machine. The damage could be extensive -- malicious code could spread to every
voting machine in polling places and to county election servers," it said.

The report, titled "Source Code Review of the Diebold Voting System," was apparently released
Thursday, just one day before California Secretary of State Debra Bowen is to decide which
machines are certified for use in California's 2008 presidential primary elections.

The source-code review identified four main weaknesses in Diebold's software, including:
vulnerabilities that allow an attacker to install malware on the machines, a failure to guarantee the
secrecy of ballots, a lack of controls to prevent election workers from tampering with ballots and
results, and susceptibility to viruses that could allow attackers to an influence an election.

"A virus could allow an attacker who only had access to a few machines or memory cards, or
possibly to only one, to spread malicious software to most, if not all, of a county's voting
machines," the report said.

"Thus, large-scale election fraud in the Diebold system does
not necessarily require physical access to a large number of
voting machines."

The report warned that a paper trail of votes cast is not sufficient to guarantee the integrity of an
election using the machines. "Malicious code might be able to subtly influence close elections, and
it could disrupt elections by causing widespread equipment failure on election day," it said.

The source-code review went on to warn that commercial antivirus scanners do not offer adequate
protection for the voting machines. "They are not designed to detect virally propagating malicious
code that targets voting equipment and voting software," it said.

In conclusion, the report said Diebold's voting machines had not been designed with security as a
priority. "For this reason, the safest way to repair the Diebold system is to reengineer it so that it is
secure by design," it said.

The Diebold source-code review and several other documents, including a review of source code
used in other voting systems, had earlier been withheld from release by the Secretary of State, even
as other reports related to the review of voting machines were released on July 27.

An explanation posted on the Secretary of State's Web site on July 27 noted the source-code review
and other reports had been submitted on time. "Their reports will be posted as soon as the Secretary
of State ensures the reports do not inadvertently disclose security-sensitive information," the Web
site said.

The delayed release of the source-code review meant that David Wagner, an associate professor of
computer science at the University of California at Berkeley and an author of the report, was not
able to present his findings at a public hearing held on July 30 to discuss the results of the voting
system review.

See SunMt archive on vote fraud