Diebold voting machines vulnerable to virus attack

Diebold Election Systems voting machines are not secure enough to guarantee a trustworthy election, and an attacker with access to a single machine could disrupt or change the outcome of an election using viruses, according to a review of Diebold's source code.

"The software contains serious design flaws that have led directly to specific vulnerabilities that attackers could exploit to affect election outcomes," read the University of California at Berkeley report, commissioned by the California Secretary of State as part of a two-month "top-to-bottom" review of electronic voting systems certified for use in California.

The assessment of Diebold's source code revealed an attacker needs only limited access to compromise an election.

"An attack could plausibly be accomplished by a single skilled individual with temporary access to a single voting machine. The damage could be extensive -- malicious code could spread to every voting machine in polling places and to county election servers," it said.

The report, titled "Source Code Review of the Diebold Voting System," was apparently released Thursday, just one day before California Secretary of State Debra Bowen is to decide which machines are certified for use in California's 2008 presidential primary elections.

The source-code review identified four main weaknesses in Diebold's software, including: vulnerabilities that allow an attacker to install malware on the machines, a failure to guarantee the secrecy of ballots, a lack of controls to prevent election workers from tampering with ballots and results, and susceptibility to viruses that could allow attackers to an influence an election.

"A virus could allow an attacker who only had access to a few machines or memory cards, or possibly to only one, to spread malicious software to most, if not all, of a county's voting machines," the report said. "Thus, large-scale election fraud in the Diebold system does not necessarily require physical access to a large number of voting machines."

The report warned that a paper trail of votes cast is not sufficient to guarantee the integrity of an election using the machines. "Malicious code might be able to subtly influence close elections, and it could disrupt elections by causing widespread equipment failure on election day," it said.

The source-code review went on to warn that commercial antivirus scanners do not offer adequate protection for the voting machines. "They are not designed to detect virally propagating malicious code that targets voting equipment and voting software," it said.

In conclusion, the report said Diebold's voting machines had not been designed with security as a priority. "For this reason, the safest way to repair the Diebold system is to reengineer it so that it is secure by design," it said.

The Diebold source-code review and several other documents, including a review of source code used in other voting systems, had earlier been withheld from release by the Secretary of State, even as other reports related to the review of voting machines were released on July 27.

The IDG News Service is a Network World affiliate.