Diebold Shows How to Make Your Own Voting Machine Key

By now it should be clear that Diebold’s AccuVote-TS electronic voting machines have lousy security. Our study last fall showed that malicious software running on the machines can invisibly alter votes, and that this software can be installed in under a minute by inserting a new memory card into the side of the machine. The last line of defense against such attacks is a cheap lock covering the memory card door. Our video shows that the lock can be picked in seconds, and, infamously, it can also be opened with a key that is widely sold for use in hotel minibars and jukeboxes.

(Some polling places cover the memory card with tamper-evident seals, but these provide little real security. In practice, the seals are often ignored or accidentally broken. If broken seals are taken seriously and affected machines are taken offline for inspection, an attacker could launch a cheap denial-of-service attack by going around breaking the seals on election day.)

According to published reports, nearly all the machines deployed around the country use the exact same key. Up to this point we’ve been careful not to say precisely which key or show the particular pattern of the cuts. The shape of a key is like a password – it only provides security if you keep it secret from the bad guys. We've tried to keep the shape secret so as not to make an attacker’s job even marginally easier, and you would expect a security-conscious vendor to do the same.

Not Diebold. Ross Kinard of SploitCast wrote to me last month to point out that Diebold offers the key for sale on their web site. Of course, they won’t sell it to just anybody – only Diebold account holders can order it online. However, as Ross observed, Diebold’s online store shows a detailed photograph of the key.

Here is a copy of the page. The original showed the entire key, but we have blacked out the compromising part.

Could an attacker create a working key from the photograph? Ross decided to find out. Here’s what he did:

> I bought three blank keys from Ace. Then a drill vise and three cabinet locks that used a different type of key from Lowes. I hoped that the spacing and depths on the cabinet locks' keys would be similar to those on the voting machine key. With some files I had I then made three keys to look like the key in the picture.

Ross sent me his three homemade keys, and, amazingly, two of them can open the locks on the Diebold machine we used in our study!

This video shows one of Ross’s keys opening the lock on the memory card door:

Ross says he has tried repeatedly to bring this to Diebold’s attention over the past month. However, at the time of this posting, the image was still on their site.

Security experts advocate designing systems with "defense in depth," multiple layers of barriers against attack. The Diebold electronic voting systems, unfortunately, seem to exhibit "weakness in depth." If one mode of attack is blocked or simply too inconvenient, there always seems to be another waiting to be exposed.

[UPDATE (Jan. 25): As of this morning, the photo of the key is no longer on Diebold's site.]

[...] Posted by cmdln on January 23rd, 2007 This is just too funny. I haven’t had a belly laugh at Diebold’s expense lately. Thanks, Professor Felten and Ross Kinard. [...]

Looks like it isn't only the movie disc industry that are having trouble with keys.

This is simply astounding.

I suppose you can't blame the people running the e-commerce side of Diebold.com; we normally don't expect keys to be this insecure, so it would never occur to them that a photo of a random key sample is actually sensitive information that will open a voting machine in Maryland.

It falls into a general class of risks, of accidentally recording security information like passwords/PIN numbers/safe combinations. But this is a particularly memorable example.

[...] Good lord in heaven. How dumb are these guys at Diebold?! Can you believe the United States has actually entrusted them to build a security system for the original U.S. Constitution, the Declaration of Independence and the Bill of Rights?! [...]

[...] Also, here is a link to the story. And another posting about it is here. [...]

I love how they didn't do a thing with Ross emailing them but as soon as it gets posted here the image goes bye-bye. Just goes to show they seem to care more about reputation than actually doing a good job.

[...] He then sent the keys to J. Alex Halderman at Freedom To Tinker.com who quickly confirmed that two of the three keys would, indeed, open the door to the memory card on the Diebold system. This video shows the key Ross made opening the voting machine used in the Princeton study: [...]

[...] But that is not all. On the site of Diebold (the manufacturer of the voting computers) you can order the spare keys you need to open such a voting computer. Of course not just anyone can order them, only those who have an account with Diebold, but still… Until today there was a photo of the key on their website. Someone took the trouble to copy these keys three times - and look… they worked! Somewhat disturbing, isn't it? [...]

I live in Virginia. The voting machines are lined up so that someone standing behind them can get a clear view of what the voter is doing. They had an old man stationed behind the machines. I glanced back at him and he was watching what I was doing very intently. He was standing quite close to me and could easily see who I was voting for.

I am fairly sure his purpose was to see if anyone was inserting anything into the machines. They have known about the security risks all along. The bottom line is awarding big contracts to their political contributors.

In 2008 they will hold the most expensive election in history. With so much at stake and so much money being thrown around, there will surely be insiders that will rig the election for either ideology or a price. My belief is that it has already happened in the previous two Presidential elections.

[...] Security experts advocate designing systems with “defense in depth,” multiple layers of barriers against attack. The Diebold electronic voting systems, unfortunately, seem to exhibit “weakness in depth.” If one mode of attack is blocked or simply too inconvenient, there always seems to be another waiting to be exposed. Source: Diebold Shows How to Make Your Own Voting Machine Key [...]

Everyone should stop talking about the "security holes" in the Diebold machines. Why? Because the machines were not designed to be secure in the first place. Security had nothing to do with it.

The Diebold machines were designed to guarantee wins for the Republican movement and political machine. Operatives, no doubt, were placed in every precinct in the Nation with this knowledge and the instruction to do just as told...Ensure that proper software (memory cards) were installed to adjust the vote tally. It is the most egregious fraud in the history of the United States.

The Arrogance of the Election Fraud Criminals is beyond belief. That they have NO respect for the Democratic process is clearly evident. Their disdain for the common citizen is so complete as to make each and every one of those perpetrators guilty as sin.

It's not Security they were designed for...it wasn't even Attempted Security! And, worse than that, they felt invulnerable to scrutiny and well clear of any threat of getting caught.

Unlocking new e-voting security horrors (and DIY l...

Unlock today's IT Blogwatch: in which Diebold comes under fire for lousy security (again). Not to mention making your own laptop......

@Sykes:

> The Diebold machines were designed to guarantee wins for the Republican movement and political machine

Alas, they appear to fall short of even that putative goal.

We are all talking about a key for a lock on a piece of plastic!
Good lord. I bet with a little brute force that piece of plastic could be opened with about anything. And that piece of plastic could be put back into place also with a little force. Kind of putting a padlock on my front door made of cardboard.

[...] Thanks to a little help from the e-voting outfit itself, it may actually be that simple, a security researcher from Princeton University suggested this week. [...]

Not meant to be a hard-ass, I can clearly see the shape of the key from your video....

Anonymous Said:

"Not meant to be a hard-ass, I can clearly see the shape of the key from your video…."

Yep... just as people have been looking at the shape of that key on the web page for... how many years?

Now the picture of the key has finally been replaced by Diebold with a picture of a completely unrelated key card.

What's grimly amusing is the Diebold shills' attempts to say that the metal key is "actually to the printer box" and that "the machine's memory card is accessed via the key card you see on the site now..."

Yeah, right... lie, much, shills? Diebold e-voting machines are far too cheaply made to ever have had anything as sophisticated as a card lock. But hey... they're Diebold shills... it's their job to lie....

... which brings up the question, again, of just how it came about that a company which literally seems unable to stop lying even for a moment is entrusted with something that is so valuable to the American people as control over our voting?

[...] Diebold shows how to make your own voting machine key - Link. [...]

You know, what I just don't understand is how busy everyone seems to be covering Diebold's ass.

Look at it this way, if you will. People obfuscate the exact shape of the key so that others can't copy it. People redact file names that allow corruption of the voting record, etc. Why?

Wouldn't it be much better if everyone knew what the keys were exactly? If everyone knew what the file names are that would allow vote manipulation?

Geeks get the technology, but the rest of the world gets it when they have a key in their hand that opens the ballot box and they see that everyone around them has one too.

Set Diebold's keys free.

That's hilarious... they really insist on weakness in depth!

[...] Well, this is just fantastic. Following the claims that there’s no real problems with e-voting machines, almost immediately followed by reports of massive fraud with e-voting machines in Brazil, Alex Halderman is pointing out that Diebold, in their infinite wisdom, are making it ridiculously easy to break into their machines. Halderman was a part of the team that showed that Diebold’s locks on their e-voting machines used a default key that was common to many hotel minibars and could be found easily in many places. However, the researchers who noted this were still careful never to show the actual key, preferring not to help anyone who seriously intended on breaking into the machines. Diebold, on the other hand, isn’t so careful. The company, that has continually played down reports of security flaws is apparently selling the very key you need to break into their boxes on their online site… with a picture of the key. You need to be a Diebold account holder to buy it, but anyone can look at the key and then figure out how to make their own copy — and, in fact, that’s exactly what someone did. He used the picture to cut his own keys and sent the keys to Halderman, who found that two of the three keys opened the Diebold locks with ease. The guy who discovered this notified Diebold a month ago, but Diebold did not respond and has not removed the image of the key from their website. [...]

As I've posted elsewhere, the proper thing for Diebold to have done would have been to not include ANY lock, but rather have a place for affixing padlocks of whatever make and model (subject to size restrictions) the owner sees fit. If a representative of each party affixes one of his own locks to each machine, neither party has to trust the other to keep its own keys secure.

How much more will it take before we storm the capitol, kill the evil bastards, and restore the form of government described in our constitution? I wish someone would at least be worried that violent revolution could be the result of corrupting the vote.

> How much more will it take before we storm the capitol, kill the evil bastards, and restore the form of government described in our constitution?

We're waiting on you.

[...] Read the rest of the story at Freedom To Tinker. [...]

[...] If you’ve been of voting age for more than, say 6 minutes, then you’re probably fully aware of the bungling of epic-proportions displayed by Diebold over the course of the last several years in terms of electronic voting.   Of course, there’s always two sides to every coin and you can’t dismiss the incompetency and callousness of the various election boards around the country who jerked their knees up in reaction to the paper-election theft prior.  In fact, they don’t even know how to run their own polling sites (as noted last year on election day) However, when after suffering ginormous problems, public humiliation, and all-too-serious insinuations of single-handedly compromising the most sacred entity of democracy, Diebold actually manages to completely compromise even physical security of their own systems, it’s just way too easy to single them out. [...]

[...] And if that wasn’t enough it seems that Diebold has decided that breaking into their e-voting machines was not easy enough. The Diebold machines use keys that are also used to open many hotel mini-bars, whose locks can be picked open in seconds, but this did not meet Diebold’s high standards. To remedy this grave situation they have put up an image of the keys needed to open up the machines on their website, and now someone has used these images to successfully replicate the keys. Problem solved, Diebold e-voting machines are now easier than ever to use hack. [...]

hi i enjoyed the read

Sadly, we have people in the UK who would like to see us go the same route as you guys in the States and bring in E'Voting to our elections. The only difference would be that the UK Govt. would outsource the contract for the machines to a trusted external source, Saudi maybe, or perhaps Bulgaria?

What's most funny is that the key used on the Touch screens is a barrel (round) key, NOT the key pictured on all the websites. The door the barrel key opens is where the power button is.

Diebold's AccuVote TSX machines use a barrel-style key. This blog post refers to a different model, the AccuVote TS.

[...] read more | digg story [...]

Here is the link to the DIEBOLD store that still shows the proverbial "KEY TO THE KEYNGDOM". This & so much other daunting & inundating info. is so blatant now I'd think Joe-American would get the picture but, by design there are too many auto-cast frequencies in our atmosphere now for the average mind to sift through w/out the aid of some kind of director who can be trusted to point out correct leads to reliable info. that can be TRUSTED. People think their cell phns. are safe & T.V. is still "A-OK"; & those are just the frequencies that "JOE-AM." is allowed to know about. While of course "JOE-AM." isn't allowed to be given any understanding of how these & other "un-told" frequencies DIRECTLY AFFECT EVERYONE'S NEURO-PROCESSES. We must understand, we have been made into direct-able cattle dutifully carrying out our NEW WORLD ORDERS on a moment to moment basis. Please for the love of our children & the unsolved mystery of GOD: WAKE UP AMERICA & FIGHT BACK. One thing we can do to FIGHT THE "NEW WORLD ORDER" IS TO ELECT R O N P A U L PRESIDENT OF THIS (what used to be) DEMOCRATIC REPUBLIC. The truth is out there! But no one's looking. And that is BY DESIGN THROUGH AUTO BROADCAST FREQUENCIES. "DEATH TO THE NEW WORLD ORDER".
http://www.diebold.com/nasadmk/cgi-bin/desi_catalog.pl?section=8&id=130

Brick Sykes
(Were your parents aware of the character in Cat on a Hot Tin Roof when they named you?) *~* On the other hand, Roosevelt Sykes was an awesome 'barrelhouse' piano player!! ^_^

Anyway... this is NOT about evil greedy repugnicans, or democrats.
This is about Rockefeller and his world domination plan.

Hillarot is a democrat, and look at the $hit she pulled in NH recently.

[...] worked on the Princeton Hack and tried to keep the design of the key secret for obvious reasons, revealed Tuesday that a friend of his had found the photo of the key on Diebold's website and discovered that was [...]
