Make the E-voting System's Password "1,2,3,4,5,6,7,8″? That's so Obvious It's Genius!
If one set out to design electronic voting machines that undermine voter confidence and threaten the integrity and accuracy of the whole election process, it would be hard to outdo those of Diebold Election Systems, if a new analysis is to be believed.
The California Secretary of State has finally released the source-code review portion of its two-month “top-to-bottom” examination of electronic voting systems certified for use in California, and it’s not pretty. “The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit to affect election outcomes,” the report concludes. “An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive–malicious code could spread to every voting machine in polling places and to county election servers.”
And it gets worse. Princeton professor Ed Felten read through the Diebold report, as well as those of Hart InterCivic and Sequoia Voting Systems, and found that some of the problems it identifies are the same ones Diebold claimed to have fixed years ago. “Diebold claimed (p. 11) in 2003 that its use of hard-coded passwords was ‘resolved in subsequent versions of the software,’ ” Felten notes. “Yet the current version still uses at least two hard-coded passwords–one is “diebold” (report, p. 46) and another is the eight-byte sequence 1,2,3,4,5,6,7,8 (report, p. 45).”
Now, “1,2,3,4,5,6,7,8” is an improvement over “11111,” Diebold’s last hard-coded security key, in that it employs eight numbers instead of just one. But surely it can’t be among those that inspired California Secretary of State Debra Bowen to recertify Diebold’s machines for use in the 2008 elections. Presumably, “come up with a less laughable password” was a condition of recertification.