
Reply #32: If you can put a WLAN receiver onto the standalone computer...

skids Donating Member (1000+ posts) Tue Dec-14-04 08:45 PM
Response to Original message
32. If you can put a WLAN receiver onto the standalone computer...
Then that's 99% of the battle. If you were able to open the case, and plug in a card, odds are you could have made yourself a backdoor while you were there doing that. Or if you can't get into the administration interface, you may not have to, if the computer tries to autoconfigure the new hardware. Or you could have a special custom-made plug-in card that runs code in the BIOS sequence, before the computer boots the main OS; you could create a back door that way.

Another option is to use a port that came built in to the computer. For example, a lot of computers come with IRDA ports on them. If those ports were active, and searching for IRLAN connections, that is another way to try and get in.

Once you have an active network connection that is asking for an address, you can DHCP or BOOTP the address to it. Or you could attack it over any protocols it is running that don't need IP addresses. All you need to do is find a service running that is not configured securely, or which has a bug in it which you can exploit.

Once you are in, hacking votes is the easy part. Even if the votes are kept in a secure database, hijacking a process that has that database open is still possible -- and if the vendor made it easy for their technicians, which they often do, it is easy for you, too. And if you are the vendor, even more so.

Getting it to sing "Yankee Doodle" with its hard drive would be more of a challenge.

Basically with computers, anything is possible. They are very flexible -- any system based on a "standard commodity" solution will have tons of crap it doesn't need, like access to a real-time clock that could change its behavior depending on whether it is between the hours of 3pm and 9pm on November 2 or not. No voting machine should know what time it is, IMO, any timestamps should be relative to when it was last turned on, but even then, you would have to make sure to test the system for a full day. Twice or three times. For a full day each time. Otherwise you could not be sure that the machine was not rigged to start changing votes after it has been receiving votes for more than a few hours. How many BoEs do you think test that much?

Any "custom hardware" solution that cannot be installed on a random PC also comes with security problems. The vendor could have any number of hidden hardware or firmware components installed in it. Wireless transmitters can be hidden quite easily and disguised as part of the normal internal workings of the machine. And they could be custom solutions that will not be usable/detectible without special equipment.

Computers are not safe without a paper trail, period, and even with the paper trail, they are not safe if the people running the election system are not willing to do a recount immediately after the election, with no legal resistance or delay, with the paper ballots having been secured very well in the meantime. Countering the strategy of "hack the preliminary results, then cover up by making the ballots match before the recount happens" needs to be considered in any secure election. Any public official that drags their feet on a hand recount of the paper trail is jeopardizing the security of the system.
