April 23, 2014

avatar

Diebold Shows How to Make Your Own Voting Machine Key

By now it should be clear that Diebold’s AccuVote-TS electronic voting machines have lousy security. Our study last fall showed that malicious software running on the machines can invisibly alter votes, and that this software can be installed in under a minute by inserting a new memory card into the side of the machine. The last line of defense against such attacks is a cheap lock covering the memory card door. Our video shows that the lock can be picked in seconds, and, infamously, it can also be opened with a key that is widely sold for use in hotel minibars and jukeboxes.

(Some polling places cover the memory card with tamper evident seals, but these provide little real security. In practice, the seals are often ignored or accidentally broken. If broken seals are taken seriously and affected machines are taken offline for inspection, an attacker could launch a cheap denial-of-service attack by going around breaking the seals on election day.)

According to published reports, nearly all the machines deployed around the country use the exact same key. Up to this point we’ve been careful not to say precisely which key or show the particular pattern of the cuts. The shape of a key is like a password – it only provides security if you keep it secret from the bad guys. We’ve tried to keep the shape secret so as not to make an attacker’s job even marginally easier, and you would expect a security-conscious vendor to do the same.

Not Diebold. Ross Kinard of SploitCast wrote to me last month to point out that Diebold offers the key for sale on their web site. Of course, they won’t sell it to just anybody – only Diebold account holders can order it online. However, as Ross observed, Diebold’s online store shows a detailed photograph of the key.

Here is a copy of the page. The original showed the entire key, but we have blacked out the compromising part.

Could an attacker create a working key from the photograph? Ross decided to find out. Here’s what he did:

I bought three blank keys from Ace. Then a drill vise and three cabinet locks that used a different type of key from Lowes. I hoped that the spacing and depths on the cabinet locks’ keys would be similar to those on the voting machine key. With some files I had I then made three keys to look like the key in the picture.

Ross sent me his three homemade keys, and, amazingly, two of them can open the locks on the Diebold machine we used in our study!

This video shows one of Ross’s keys opening the lock on the memory card door:

Ross says he has tried repeatedly to bring this to Diebold’s attention over the past month. However, at the time of this posting, the image was still on their site.

Security experts advocate designing systems with “defense in depth,” multiple layers of barriers against attack. The Diebold electronic voting systems, unfortunately, seem to exhibit “weakness in depth.” If one mode of attack is blocked or simply too inconvenient, there always seems to be another waiting to be exposed.

[UPDATE (Jan. 25): As of this morning, the photo of the key is no longer on Diebold's site.]

Comments

  1. joe says:
  2. John says:

    Looks like it isn’t only the movie disc industry that are having trouble with keys.

  3. Xcott Craver says:

    This is simply astounding.

    I suppose you can’t blame the people running the e-commerce side of Diebold.com; we normally don’t expect keys to be this insecure, so it would never occur to them that a photo of a random key sample is actually sensitive information that will open a voting machine in Maryland.

    It falls into a general class of risks, of accidentally recording security information like passwords/PIN numbers/safe combinations. But this is a particularly memorable example.

  4. Matt says:

    I love how they didn’t do a thing with Ross emailing them but as soon as it gets posted here the image goes bye-bye. Just goes to show they seem to care more about reputation than actually doing a good job.

  5. Exposed Voter says:

    I live in Virginia. The voting machines are lined up so that someone standing behind them can get a clear view of what the voter is doing. They had an old man stationed behind the machines. I glanced back at him and he was watching what I was doing very intently. He was standing quite close to me and could easily see who I was voting for.

    I am fairly sure his purpose was to see if anyone was inserting anything into the machines. They have known about the security risks all along. The bottom line is awarding big contracts to their political contributors.

    In 2008 they will hold the most expensive election in history. With so much at stake and so much money being thrown around, there will surely be insiders that will rig the election for either ideology or a price. My belief is that it has already happened in the previous two Presidential elections.

  6. unl says:
  7. Brick Sykes says:

    Everyone should stop talking about the “security holes” in the Diebold machines. Why? Because the machines were not designed to be secure in the first place. Security had nothing to do with it.

    The Diebold machines were designed to guarantee wins for the Republican movement and political machine. Operatives, no doubt, were placed in every precinct in the Nation with this knowledge and the instruction to do just as told…Ensure that proper software (memory cards) were installed to adjust the vote tally. It is the most egregious fraud in the history of the United States.

    The Arrogance of the Election Fraud Criminals if beyond belief. That they have NO respect for the Democratic process is clearly evident. Their disdain for the common citizen is so complete as to make each and every one of those perpetrators guilty as sin.

    It’s not Security they were designed for…it wasn’t even Attempted Security! And, worse than that, they felt invulnerable to scutiny and well clear of any threat of getting caught.

  8. Anonymous says:

    @Sykes:

    > The Diebold machines were designed to guarantee wins for the Republican movement and political machine

    Alas, they appear to fall short of even that putative goal.

  9. Bert Groothuis says:

    We are all talking about a key for a lock on a piece of plastic!
    Good lord. I bet with a little brute force that piece of plastic could be opened with about anything. And that piece of plastic could be put back into place also with a little force. Kind of putting a padlock on my front door made of cardboard.

  10. Anonymous says:

    Not meant to be a hard-ass, I can clearly see the shape of the key from your video….

  11. the_zapkitty says:

    Anonymous Said:

    “Not meant to be a hard-ass, I can clearly see the shape of the key from your video….”

    Yep… just as people have been looking at the shape of that key on the web page for… how many years?

    Now the picture of the key has finally been replaced by Diebold with a picture of a completely unrelated key card.

    What’s grimly amusing is the Diebold shills’ attempts to say that the metal key is “actually to the printer box” and that “the machine’s memory card is accessed via the key card you see on the site now…”

    Yeah, right… lie, much, shills? Diebold e-voting machines are far too cheaply made to ever have had anything as sophisticated as a card lock. But hey… they’re Diebold shills… it’s their job to lie….

    … which brings up the question, again, of just how it came about that a company which literally seems unable to stop lying even for a moment is entrusted with something that is so valuable to the American people as control over our voting?

  12. netsecurity says:

    You know, what I just don’t understand is how busy everyone seems to be covering Diebold ass.

    Look at it this way, if you will. People obsucate the exact shape of the key so that others can’t copy it. People redact file names that allow corruption of the voting record, etc. Why?

    Wouldn’t be much better if everyone knew what the keys were exactly? If everyone knew what the file names are that would allow vote manipulation?

    Geeks get the technology, but the rest of the world gets when they have a key in their hand that opens the ballot box and they see that everyone around them has one too.

    Set Diebolds keys free.

  13. Anonymous says:

    That’s hilarious… they really insist on weakness in depth!

  14. supercat says:

    As I’ve posted elsewhere, the proper thing for Diebold to have done would have been to not include ANY lock, but rather have a place for affixing padlocks of whatever make and model (subject to size restrictions) the owner sees fit. If a representative of each party affixes one of his own locks to each machine, neither party has to trust the other to keep its own keys secure.

  15. Mark says:

    How much more will it take before we storm the capitol, kill the evil bastards, and restore the form of government described in our constitution? I wish someone would at least be worried that violent revolution could be the result of corrupting the vote.

  16. Suso says:

    How much more will it take before we storm the capitol, kill the evil bastards, and restore the form of government described in our constitution?

    We’re waiting on you.

  17. Brennen says:

    hi i enjoyed the read

  18. Ian Flockhart says:

    Sadly, we have people in the UK who would like to see us go the same route as you guys in the States and bring in E’Voting to our elections. The only difference would be that the UK Govt. would outsource the contract for the machines to a trusted external source, Saudi maybe, or perhaps Bulgaria?

  19. Douglas says:

    What’s most funny is that the key used on the Touch screens is a barrel (round) key, NOT the key pictured on all the websites. The door the barrel key opens is where the power button is.

  20. J. Alex Halderman says:

    Diebold’s AccuVote TSX machines use a barrel-style key. This blog post refers to a different model, the AccuVote TS.

  21. Anti N.W.O. Soldier says:

    Here is the link to the DIEBOLD store that still shows the proverbial “KEY TO THE KEYNGDOM”. This & so much other daunting & inundating info. is so blatant now I’d think Joe-American would get the picture but, by design there are to many auto-cast frequencies in our atmosphere now for the average mind to sift through w/out the aid some kind of director who can be trusted to point out correct leads to reliable info. that can be TRUSTED. People think their cell phns. are safe & T.V. is still “A-OK”; & those are just the frequencies that “JOE-AM.” is allowed to know about. While of course “JOE-AM.” isn’t allowed to be given any understanding of how these & other “un-told” frequencies DIRECTLY AFFECT EVERYONES NEURO-PROCESSES. We must understand, we have been made into direct-able cattle dutifully carrying out our NEW WOLD ORDERS on a moment to moment basis. Please for the love of our children & the unsolved mystery of GOD: WAKE UP AMERICA & FIGHT BACK. One thing we can do to FIGHT THE ‘NEW WORLD ORDER” IS TO ELECT R O N P A U L PRESIDENT OF THIS (what used to be) DEMOCRATIC REPUBLIC. The truth is out there! But no one’s looking. And that is BY DESIGN THROUGH
    AUTO BROADCAST FREQUENCIES. “DEATH TO THE NEW WORLD ORDER”.
    http://www.diebold.com/nasadmk/cgi-bin/desi_catalog.pl?section=8&id=130

  22. KILLrockefeller's NWOplans says:

    Brick Sykes
    (Were your parents aware of the character in Cat on a Hot Tin Roof when they named you?) *~* On the other hand, Roosevelt Sykes was an awesome ‘barrelhouse’ piano player!! ^_^

    Anyway… this is NOT about evil greedy repugnicans, or democrats.
    This is about Rockefeller and his world domination plan.

    Hillarot is a democrat, and look at the $hit she pulled in NH recently.