Brad: Why do Diebold's Touch-Screens Have Wireless Data Transfer Ports?

Why do Diebold's Touch-Screen Voting Machines Have Built-In Wireless Infrared Data Transfer Ports?

IrDA Protocol Can 'Totally Compromise System' Without Detection, Warns Federal Voting Standards Website

So far, no state or federal authority -- to our knowledge -- has dealt with this alarming security threat

by Brad

2/22/2006

We hate to pile on... (Or do we?)

But, really, with all the recent discussion of California Sec. of State Bruce McPherson's mind-blowing about-face re-certification of Diebold -- against state law, we hasten to add -- this may be a good time to point out one small item that we've been meaning to mention for a while.

As Jody Holder's recent comment points out, McPherson's silly "conditions" for re-certification of Diebold in California require a few much-less-than-adequate knee-jerk "safe guards" towards protection of the handling of the hackable memory cards in Diebold's voting machines. (Here's McP's full "Certificate of Conditional Certification").

Never mind, as Holder mentions, that the protective seals to be required are easily peeled away without tearing. Or that such voting machines have been stored in poll workers houses for weeks leading up to an election. More to the point, for the moment, there are ways to manipulate the information on those memory cards even without removing them or breaking the seals. This is more of a concern than ever, since it was recently proven, by the now-infamous Harri Hursti hack in Leon County, FL, that changing the information on the memory cards can force election results to be flipped...without a trace being left behind.

On that note, here's the little item we've been meaning to point out. It's a photograph from the side of a Diebold AccuVote TSx touch-screen voting machine:

snip

A few election watchdog groups, including some members of the National Institute of Standards and Technology (NIST) who works with the federal authorities on these matters, have issued warnings about the IrDA port and protocols on voting machines. However, little -- if anything -- seems to have been done to mitigate the rather obvious security threat posed, as far as we can tell.

snip

http://www.bradblog.com/archives/00002458.htm

machines - which means the connection need not be turned on by a hacker - as was implied by the minutes of that meeting.

All one need do use the wireless connection to change the memory cards.

How tough can that be?

changing ballot definition files from a laptop in a car parked outside.

"Because if I have got 3,000 voting stations and I have to load those with pc cards, then I have got to sit down and manufacture 3,000 pc cards, and keep them separated by precinct. Whereas if I could sit in my warehouse and load those ballot images wirelessly, there is a tremendous advantage."

the odds of our winning every election nationwide!

One way or another, dems will win. There is hope!

You couldn't be outside in your car, you'd have to be right next to the machine. And you couldn't use some device in your pocket, it would have to come out of your pocket to connect by IrDA.

That said, there should not be an IrDA port on a touchscreen machine just like there shouldn't be any other ports such as serial or parallel that are accessible. The security risks make them totally unacceptable regardless of any convenience they might provide.

_{edit: typo}

You use wireless technology to program/ control 30 machines from a single location.

You would have to have a "booster" such as a wireless router to do that. Add the router and anyone can hook on.

Sorry, who is Williams?

Radio-based wireless does not need a line of sight. Some examples of radio-based wireless, such as 802.11b and 802.11g, have a range that might allow you to be outside in your car. Bluetooth is shorter range but maybe if the conditions are just right...

Light-based wireless such as IrDA does need a line of sight. The range for IrDA is typically a few feet.

Williams is probably talking about typical radio-based 802.11b or 802.11g, in which case you can set up a wireless local area network and do all kinds of things with it, including the things you mention.

But with IrDA, which is what is shown in the photo in Brad's article, you would have to somehow get your own IrDA device in sight of and within a few feet of each touchscreen. You can't just connect to them all with a single device that is physically removed and therefore you can't really set up a wireless network using them like you can with radio-based. There isn't any router or anything else you can use to get around this limitation because it is physics that keeps light from traveling through opaque objects.

To be sure, the security risks that Brad points out are significant, unacceptable and unnecessary. But we should be accurate about exactly what you can and cannot do with IrDA.

The TGDC has been holding public meetings as they go through the suggested standards they have developed for qualifying all voting systems. They are modifying or deleting suggested standards in order to have a finished product that will set the standards for the industry.

Among the guidelines laid out for this committee by the EAC charter is a requirement, in law, that the committee operate in the public interest. The seventh of the "Administrative Provisions" shows a concern by the EAC that there be no conflict of interest in the decision makers.

Given the “protections” against conflicts of interest and in favor of the public interest, we might expect good things to come out of the committee. However, reports from witnesses to the April 20/21 meeting of the TGDC are quite troubling. During discussions of voter verified paper audit trail requirements, Dr. Brit Williams, a member of the committee, stated that he opposes any new standards that would make technology already purchased non-compliant. Paul Craft, another member of the committee, then suggested that they hear from the vendor engineers who were in the audience to see what they would do about the proposed standards. At this point, Dr. Semerjian, the chairman of the committee and the Director of NIST, said that the TGDC is not in existence to approve existing voting systems, nor rubber stamp state decisions. The committee then went on a break.

Upon return from the break Paul Craft announced that he had talked to the vendors and that they did not like some of the standards. A vote was then held and those standards were deleted.

It is clear that the EAC charter is not being followed in that conflicts of interest are dictating the workings of this committee. It appears that this committee is not operating in the public interest, but in the interest of the vendors by dropping (and likely adding) items to achieve industry objectives, and not in the public interest.

It must be pointed out that Dr. Brit Williams and Paul Craft both have individual conflicts of interest. Dr. Williams has been an outspoken defender of DRE voting systems and has worked closely with Diebold as the company’s ally in Georgia. Dr. Williams was one of the architects of the voting system presently being used in Georgia. Can he be expected to approve standards that are counter to decisions that he has made in regards to the Georgia voting system?
http://www.votetrustusa.org/blogs/nist&tdgc.htm

I had read about that meeting and the shenanigans but didn't place the name.

machines and forming a network that way? any reason why a machine can't be a router too?

and

or the End of Election report comes to mind.

Diebold's Motto: "If we build-in 25 ways to hack an election, they can't find them all."

:thumbsup:

One of you guys out there needs to find a way to hack these machines in such an obvious way that they are proven to be unreliable.

Our wireless feature is used to tally all the votes together into one of the machines that has been determined to be the "Master." That master prints a paper tape with the precinct totals. Then it is taken to a phone jack where the results are transmitted to the Electoral board via modem.

I use them, I don't program them.

I have wondered if someone could hack them with a Palm Pilot. We ban the use of cell phones, but we don't ban Palm Pilots from the voting area. How could you, they easily fit into a pocket. I take mine with me everywhere. Mine isn't wireless, but it does have infra red beaming capabilities.

Don't think Small.

At the manufacturing level ANYTHING can be done to the logic.
What are you going to do, completely destructively reverse engineer every component all the way from the power supply down to where the paper drops in the tray; under an electron microscope?
chips that you could transmit a signal to that will burn up a circuit's logic?
ALL software has flaws....
You could spike the power-supply which could -- again do a logic triger to change the logic.

You CAN NOT VALIDATE electronics or digitized data!!!!!! --pound that into your heads
You CAN NOT VALIDATE electronics or digitized data!!!!!! --pound that into your heads
You CAN NOT VALIDATE electronics or digitized data!!!!!! --pound that into your heads
You CAN NOT VALIDATE electronics or digitized data!!!!!! --pound that into your heads
You CAN NOT VALIDATE electronics or digitized data!!!!!! --pound that into your heads
I hate this. Why the F won't you LISTEN!!!

If you still want to have a Constitutional Republic

YOU MUST

Remove the electricity
Stop Digitizing Data
Stop Transmitting Digitized Data Across Networks

The point of IrDA is fast, convenient, wireless interconnect. But it's easily hacked. IIRC, IrDA devices are usually prohibited in college and university exams.

And apart from the interconnected devices, it's undetectable, unlike radio links (unless you're in the line of sight).