Electronic voting doomed before it started?

Security

How can we expect electronic voting to be secure, when we can’t even get ATM machines secure?

Here’s a story about someone who obtained and used a ‘backdoor’ code that, when used on the ATM tricked it into thinking it was delivering $5 bills when in fact it was delivering $20 bills.

I would think that one system could learn from the other; everyone is familiar with how ATM’s work. Bonus. It’s straight forward to use; you swipe or insert your card and enter a four-digit pin and you’re off to the races. ATM’s also network into a bank’s master database and are able to have near-real-time data at the speed of light. Bonus.

But I’ll be damned if some hot-shot code monkey thinks its necessary to put a back door into the system that is accessible by anyone with a valid card!?

My questions are;

  1. Why was the ‘backdoor’ available from the keypad that Joe User uses? It should be a dip switch or other physical means inside the vault of the device that activates the backdoor. Not a friggin’ PIN number.
  2. Why wasn’t this discovered in the code validation process before the machines were put into production?
  3. Why aren’t there checks and balances to verify that a $5 bill was asked for and a $5 bill was dispensed? There’s a candy bar machine in my building that can tell if nothing was dispensed at all and that is to protect my $.50 investment.
  4. Was it a bank ATM or one of those deals you see at 7-11 that Joe Privateer owns? If its the former, this is even more dramatic. If its the later, I’d hate to be the owner of the machine, because he/she is out a lot of money!

If we can’t secure ATM machines how can we ever expect to secure E-voting machines?

For more information about this topic

  • No Related Post

posted by Michael on 01.26.07 @ 2:23 pm | 1 Comment

ATM machines have long been known to be a problem. Just have not had any high profile “internet-news-borne” incidents until those last year. Technicians don’t tend to be paid lucratively, nor tended to think about security over the years. Lack of widespread knowledge on the codes and lack of changing codes on machines (which means someone has to track those codes…such as when a technician quits and only he knows all the changed codes) tended to be the security. As I recall, the affected units were those like you find at 7-11: stand-alone units.

Stand-alone electronics are always fun targets, such as those speed radars that police drop someplace over night, or construction signs or kiosks. They are notorious for being protected by daylight and a lock which typically holds the manual and is typically still a default password.

By LonerVamp on 01.26.07 4:50 pm

RSS feed for comments on this post. TrackBack URI