Integrity Vulnerabilities in the Diebold TSX Voting Terminal

A new University of Connecticut study released July 16, 2007 finds two
more ways to rig elections with Diebold TSx touch-screen voting
systems like Utah uses. (add this study to the two Ohio audits that
found multiple inaccuracies in the Diebold systems; and the security
flaws uncovered by studies by Princeton, by BlackBoxVoting - including
the study done in Emery Cnty, Utah -, by the studies done in MD, and
other universities. showing other Diebold security vulnerabilities.

UConn VoTeR Center and Department of Computer Science and Engineering,
University of Connecticut
by A. Kiayias, L. Michel, A. Russell , A. A. Shvartsman

http://voter.engr.uconn.edu/voter/OS-TSX-Report_files/TSX_Voting_Terminal_Report.pdf

Integrity Vulnerabilities in the Diebold TSX Voting Terminal


ABSTRACT:

This report presents certain integrity vulnerabilities in the Diebold
AV-TSx Voting Terminal1.

We present two attacks based on these vulnerabilities: one attack
swaps the votes of two candidates and another erases the name of one
candidate from the slate.

These attacks do not require the modification of the operating system
of the voting terminal (as it was the case in a number of previous
attacks).

These attacks against the voting terminal can be launched in a matter
of minutes and require only a computer with the capability to mount a
PCMCIA card file system (a default capability in current operating
systems).

The security problems are present in the system despite the fact that
a cryptographic integrity check appears to be employed in the voting
system's memory card.

The attacks presented in this report were discovered through direct
experimentation with the voting terminal and without access to any
internal documentation or the source code from the manufacturer.

-----------

Read the full report on the newly discovered Diebold TSx vulnerabilities here:

http://voter.engr.uconn.edu/voter/OS-TSX-Report_files/TSX_Voting_Terminal_Report.pdf


election tampering - and little else. According to both the ESI and
the CSU audits in Ohio, the Diebold system is designed so as to not be
auditable at the DRE machine level - so any vote count errors cannot
be traced back to specific DRE machines - nice feature for election
fraudsters - and the reason that Utah's current audit procedure is a
sham. Just WHY does Utah use the very expensive Diebold voting system
rather than cheaper optical scan paper ballots? I dunno.]

-- Kathy Dopp The material expressed herein is the informed product of the author Kathy Dopp's fact-finding and investigative efforts. Dopp is a Mathematician, Expert in election audit mathematics and procedures; in exit poll discrepancy analysis; and can be reached at P.O. Box 680192 Park City, UT 84068 phone 435-658-4657 http://utahcountvotes.org http://kathydopp.com http://electionmathematics.org http://electionarchive.org

count on that!!

fly

You give them that much credit? :eyes: