asheris: (Default)
"Hotel Minibar" Keys Open Diebold Voting Machines (emphasis mine):
The access panel door on a Diebold AccuVote-TS voting machine — the door that protects the memory card that stores the votes, and is the main barrier to the injection of a virus — can be opened with a standard key that is widely available on the Internet.

On Wednesday we did a live demo for our Princeton Computer Science colleagues of the vote-stealing software described in our paper and video. Afterward, Chris Tengi, a technical staff member, asked to look at the key that came with the voting machine. He noticed an alphanumeric code printed on the key, and remarked that he had a key at home with the same code on it. The next day he brought in his key and sure enough it opened the voting machine.

This seemed like a freakish coincidence — until we learned how common these keys are.

Chris’s key was left over from a previous job, maybe fifteen years ago. He said the key had opened either a file cabinet or the access panel on an old VAX computer. A little research revealed that the exact same key is used widely in office furniture, electronic equipment, jukeboxes, and hotel minibars. It’s a standard part, and like most standard parts it’s easily purchased on the Internet. We bought several keys from an office furniture key shop — they open the voting machine too. We ordered another key on eBay from a jukebox supply shop. The keys can be purchased from many online merchants.

As one person commented, "At least the minibar has a paper record of what you’ve taken out."

Nothing like a "secure machine" that can be opened with spare office cabinet keys, and uses a flash drive instead of a hard disk to store information and programming.

These are the people who make most of the ATMs used in the US. Double-locked, paper trails for the machine owner and the user, programming on secured hard drives, etc. Yet their voting machines couldn't keep out a 4-year old who's playing with the keys from Mommy's filing cabinet, can be hacked (and completely reprogrammed) by someone wielding a USB drive with a couple lines of code on it, and can't manage to print out a single paper receipt?

Seriously, that's so fucked up... you have to work at it to screw up a project on that many levels!

EDIT/ADDITION: But wait, there's more... If you can't find an old filing cabinet, minibar, or computer case key lying around, just grab a phillips screwdriver. 12 screws later, you're in.

Check out the YouTube video to watch a few of the many ways a Diebold voting machine can be hacked; or check out Security Analysis of the Diebold AccuVote-TS Voting Machine, the full paper from the Princeton School of Engineering and Applied Science Professor and grad students.


asheris: (Default)

April 2017

161718192021 22


RSS Atom

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags
Page generated Oct. 23rd, 2017 01:08 pm
Powered by Dreamwidth Studios