Diebold Voting Machines: How To Vote Multiple Times
from the not-encouraging dept
As the debate over e-voting machines continues, Ed Felten has a somewhat scary discussion about how Diebold set up their machines to read smartcards — and how easily it could be hacked to let someone vote repeatedly. Basically, rather than making sure the smartcard is valid, the system just asks the smartcard if it’s valid, and then accepts a “yes” response. As long as someone with a $50 smartcard reader (assuming DirecTV hasn’t shut them all down) can figure out how to send the simple “yes” command (and two other “okay” answers) they could create accepted smart cards and keep on voting. While someone in the comments notes that the disparity between the number of votes and the number of voters would be noticed, it’s still not clear how they would figure out which votes are legitimate. I guess this isn’t that surprising from a company that set up the universal password for their e-voting machines to be 1111. This is what happens when you try to build security by obscurity into systems that need to be secure — and why open source voting systems make much more sense to make sure that security holes are found and plugged early on.